From 7b1c1af9ff74ae61b6843180eef652d4be903928 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:52:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0034.json | 130 +++++++-------
2002/0xxx/CVE-2002-0657.json | 200 ++++++++++-----------
2002/1xxx/CVE-2002-1736.json | 130 +++++++-------
2002/1xxx/CVE-2002-1859.json | 150 ++++++++--------
2002/2xxx/CVE-2002-2062.json | 150 ++++++++--------
2002/2xxx/CVE-2002-2201.json | 140 +++++++--------
2003/0xxx/CVE-2003-0343.json | 120 ++++++-------
2003/0xxx/CVE-2003-0522.json | 130 +++++++-------
2003/0xxx/CVE-2003-0643.json | 180 +++++++++----------
2003/0xxx/CVE-2003-0930.json | 130 +++++++-------
2009/1xxx/CVE-2009-1422.json | 150 ++++++++--------
2009/1xxx/CVE-2009-1442.json | 190 ++++++++++----------
2009/5xxx/CVE-2009-5046.json | 34 ++--
2012/0xxx/CVE-2012-0336.json | 34 ++--
2012/0xxx/CVE-2012-0471.json | 250 +++++++++++++-------------
2012/0xxx/CVE-2012-0912.json | 130 +++++++-------
2012/0xxx/CVE-2012-0999.json | 140 +++++++--------
2012/1xxx/CVE-2012-1341.json | 34 ++--
2012/3xxx/CVE-2012-3036.json | 34 ++--
2012/3xxx/CVE-2012-3214.json | 200 ++++++++++-----------
2012/3xxx/CVE-2012-3400.json | 260 +++++++++++++--------------
2012/3xxx/CVE-2012-3547.json | 310 ++++++++++++++++-----------------
2012/3xxx/CVE-2012-3788.json | 34 ++--
2012/3xxx/CVE-2012-3944.json | 34 ++--
2012/4xxx/CVE-2012-4002.json | 160 ++++++++---------
2012/4xxx/CVE-2012-4150.json | 140 +++++++--------
2012/4xxx/CVE-2012-4847.json | 130 +++++++-------
2012/4xxx/CVE-2012-4882.json | 120 ++++++-------
2017/2xxx/CVE-2017-2526.json | 160 ++++++++---------
2017/2xxx/CVE-2017-2625.json | 200 ++++++++++-----------
2017/2xxx/CVE-2017-2748.json | 34 ++--
2017/2xxx/CVE-2017-2913.json | 122 ++++++-------
2017/3xxx/CVE-2017-3699.json | 34 ++--
2017/6xxx/CVE-2017-6220.json | 34 ++--
2017/6xxx/CVE-2017-6554.json | 160 ++++++++---------
2017/6xxx/CVE-2017-6776.json | 138 +++++++--------
2017/7xxx/CVE-2017-7106.json | 170 +++++++++---------
2017/7xxx/CVE-2017-7467.json | 170 +++++++++---------
2017/7xxx/CVE-2017-7680.json | 122 ++++++-------
2018/10xxx/CVE-2018-10186.json | 120 ++++++-------
2018/10xxx/CVE-2018-10229.json | 140 +++++++--------
2018/10xxx/CVE-2018-10482.json | 130 +++++++-------
2018/10xxx/CVE-2018-10892.json | 170 +++++++++---------
2018/14xxx/CVE-2018-14060.json | 130 +++++++-------
2018/14xxx/CVE-2018-14080.json | 120 ++++++-------
2018/14xxx/CVE-2018-14485.json | 34 ++--
2018/14xxx/CVE-2018-14707.json | 120 ++++++-------
2018/15xxx/CVE-2018-15031.json | 34 ++--
2018/15xxx/CVE-2018-15124.json | 128 +++++++-------
2018/20xxx/CVE-2018-20062.json | 120 ++++++-------
2018/20xxx/CVE-2018-20173.json | 120 ++++++-------
2018/20xxx/CVE-2018-20269.json | 34 ++--
2018/20xxx/CVE-2018-20323.json | 34 ++--
2018/20xxx/CVE-2018-20436.json | 130 +++++++-------
2018/9xxx/CVE-2018-9042.json | 120 ++++++-------
2018/9xxx/CVE-2018-9125.json | 34 ++--
2018/9xxx/CVE-2018-9225.json | 34 ++--
2018/9xxx/CVE-2018-9322.json | 140 +++++++--------
2018/9xxx/CVE-2018-9958.json | 150 ++++++++--------
59 files changed, 3615 insertions(+), 3615 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0034.json b/2002/0xxx/CVE-2002-0034.json
index f7e3bf0d1f1..ccb2ff3339a 100644
--- a/2002/0xxx/CVE-2002-0034.json
+++ b/2002/0xxx/CVE-2002-0034.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#361065", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/361065" - }, - { - "name" : "Q237399", - "refsource" : "MS", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];237399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q237399", + "refsource": "MS", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];237399" + }, + { + "name": "VU#361065", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/361065" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0657.json b/2002/0xxx/CVE-2002-0657.json index 2c357c16a7c..c40b6af685e 100644 --- a/2002/0xxx/CVE-2002-0657.json +++ b/2002/0xxx/CVE-2002-0657.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-2002-23", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-23.html" - }, - { - "name" : "VU#561275", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/561275" - }, - { - "name" : "CSSA-2002-033.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" - }, - { - "name" : "CSSA-2002-033.1", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" - }, - { - "name" : "FreeBSD-SA-02:33", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" - }, - { - "name" : "MDKSA-2002:046", - "refsource" : "MANDRAKE", - "url" : 
"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" - }, - { - "name" : "CLA-2002:513", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513" - }, - { - "name" : "openssl-ssl3-masterkey-bo(9715)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9715.php" - }, - { - "name" : "5361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2002:046", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" + }, + { + "name": "CSSA-2002-033.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" + }, + { + "name": "CA-2002-23", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-23.html" + }, + { + "name": "VU#561275", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/561275" + }, + { + "name": "CSSA-2002-033.1", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" + }, + { + "name": "CLA-2002:513", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513" + }, + { + "name": "FreeBSD-SA-02:33", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" + }, + { + "name": "openssl-ssl3-masterkey-bo(9715)", + "refsource": "XF", + "url": 
"http://www.iss.net/security_center/static/9715.php" + }, + { + "name": "5361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5361" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1736.json b/2002/1xxx/CVE-2002-1736.json index 4ad642f7106..0f540ab86d4 100644 --- a/2002/1xxx/CVE-2002-1736.json +++ b/2002/1xxx/CVE-2002-1736.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via \"unfiltered user input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1003506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003506" - }, - { - "name" : "cginews-view-files(8187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via \"unfiltered user input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1003506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003506" + 
}, + { + "name": "cginews-view-files(8187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8187" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1859.json b/2002/1xxx/CVE-2002-1859.json index 5ead37798ce..e305e1ed929 100644 --- a/2002/1xxx/CVE-2002-1859.json +++ b/2002/1xxx/CVE-2002-1859.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot (\"WEB-INF.\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/279582" - }, - { - "name" : "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt", - "refsource" : "MISC", - "url" : "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt" - }, - { - "name" : "5119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5119" - }, - { - "name" : "webinf-dot-file-retrieval(9446)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9446.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot (\"WEB-INF.\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5119" + }, + { + "name": "webinf-dot-file-retrieval(9446)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9446.php" + }, + { + "name": "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt", + "refsource": "MISC", + "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt" + }, + { + "name": "20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/279582" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2062.json b/2002/2xxx/CVE-2002-2062.json index 52bdb614c04..810d9a8e140 100644 --- a/2002/2xxx/CVE-2002-2062.json +++ b/2002/2xxx/CVE-2002-2062.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with \"Enable folder view for FTP sites\" and \"Enable Web content in folders\" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020606 Microsoft Internet Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html" - }, - { - "name" : "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html", - "refsource" : "MISC", - "url" : "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html" - }, - { - "name" : "4954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4954" - }, - { - "name" : "ie-ftp-name-xss(9290)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9290.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with \"Enable folder view for FTP sites\" and \"Enable Web content in folders\" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4954" + }, + { + "name": "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html", + "refsource": "MISC", + "url": "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html" + }, + { + "name": "20020606 Microsoft Internet Explorer", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html" + }, + { + "name": "ie-ftp-name-xss(9290)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9290.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2201.json b/2002/2xxx/CVE-2002-2201.json index 233d86d425b..249af5badf1 100644 --- a/2002/2xxx/CVE-2002-2201.json +++ b/2002/2xxx/CVE-2002-2201.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SN-02:05", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" - }, - { - "name" : "http://www.webmin.com/updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/updates.html" - }, - { - "name" : "webmin-printer-shell-commands(10052)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10052.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SN-02:05", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" + }, + { + "name": "webmin-printer-shell-commands(10052)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10052.php" + }, + { + "name": "http://www.webmin.com/updates.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0343.json b/2003/0xxx/CVE-2003-0343.json index 37ea23746e0..60259869540 100644 --- a/2003/0xxx/CVE-2003-0343.json +++ b/2003/0xxx/CVE-2003-0343.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105353283720837&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0522.json b/2003/0xxx/CVE-2003-0522.json index 7226d9862a1..b106cee388a 100644 --- a/2003/0xxx/CVE-2003-0522.json +++ b/2003/0xxx/CVE-2003-0522.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030704 Another ProductCart SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105733145930031&w=2" - }, - { - "name" : "20030705 Re: Another ProductCart SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105760660928715&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain 
other privileges via the Email parameter to Custva.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030705 Re: Another ProductCart SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105760660928715&w=2" + }, + { + "name": "20030704 Another ProductCart SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105733145930031&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0643.json b/2003/0xxx/CVE-2003-0643.json index d0e249847ce..30c695b77dc 100644 --- a/2003/0xxx/CVE-2003-0643.json +++ b/2003/0xxx/CVE-2003-0643.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml", - "refsource" : "MISC", - "url" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml" - }, - { - "name" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch", - "refsource" : "MISC", - "url" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch" - }, - { - "name" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog" - }, - { - "name" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog", - "refsource" : "CONFIRM", - "url" : 
"http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog" - }, - { - "name" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch", - "refsource" : "MISC", - "url" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch" - }, - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog", + "refsource": "CONFIRM", + "url": "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog" + }, + { + "name": "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch", + "refsource": "MISC", + "url": "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch" + }, + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml", + "refsource": "MISC", + "url": "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" + }, + { + "name": "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog", + "refsource": "CONFIRM", + "url": "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog" + }, + { + "name": "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch", + "refsource": "MISC", + "url": "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0930.json b/2003/0xxx/CVE-2003-0930.json index ff162b285d1..f00e5d51af7 100644 --- a/2003/0xxx/CVE-2003-0930.json +++ b/2003/0xxx/CVE-2003-0930.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2" - }, - { - "name" : "http://www.corsaire.com/advisories/c030807-001.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c030807-001.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.corsaire.com/advisories/c030807-001.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c030807-001.txt" + }, + { + "name": "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109241692108678&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1422.json b/2009/1xxx/CVE-2009-1422.json index 2b17acc9279..20e31ef0c41 100644 --- a/2009/1xxx/CVE-2009-1422.json +++ b/2009/1xxx/CVE-2009-1422.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02446", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" - }, - { - "name" : "SSRT090111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" - }, - { - "name" : "1022536", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022536" - }, - { - "name" : "ADV-2009-1869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and 
earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1869" + }, + { + "name": "SSRT090111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2" + }, + { + "name": "1022536", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022536" + }, + { + "name": "HPSBGN02446", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1442.json b/2009/1xxx/CVE-2009-1442.json index e4fc2ca766a..10770eec8f7 100644 --- a/2009/1xxx/CVE-2009-1442.json +++ b/2009/1xxx/CVE-2009-1442.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=10736", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=10736" - }, - { - "name" : "http://code.google.com/p/skia/source/detail?r=159", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/skia/source/detail?r=159" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html" - }, - { - "name" : "34859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34859" - }, - { - "name" : "54248", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/54248" - }, - { - "name" : "1022175", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022175" - }, - { - "name" : "35014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35014" - }, - { - "name" : "ADV-2009-1266", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=10736", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=10736" + }, + { + "name": "ADV-2009-1266", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1266" + }, + { + "name": "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html" + }, + { + "name": "35014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35014" + }, + { + "name": "54248", + "refsource": "OSVDB", + "url": "http://osvdb.org/54248" + }, + { + "name": "1022175", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022175" + }, + { + "name": "34859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34859" + }, + { + "name": "http://code.google.com/p/skia/source/detail?r=159", + "refsource": "CONFIRM", + "url": 
"http://code.google.com/p/skia/source/detail?r=159" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5046.json b/2009/5xxx/CVE-2009-5046.json index 2404a37919a..1c6d58df427 100644 --- a/2009/5xxx/CVE-2009-5046.json +++ b/2009/5xxx/CVE-2009-5046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0336.json b/2012/0xxx/CVE-2012-0336.json index befb512ad0b..38d0f3cabdc 100644 --- a/2012/0xxx/CVE-2012-0336.json +++ b/2012/0xxx/CVE-2012-0336.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0471.json b/2012/0xxx/CVE-2012-0471.json index c01bd863501..be6cec643e3 100644 --- a/2012/0xxx/CVE-2012-0471.json +++ b/2012/0xxx/CVE-2012-0471.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715319", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715319" - }, - { - "name" : "DSA-2457", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2457" - }, - { - "name" : "DSA-2458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2458" - }, - { - "name" : "DSA-2464", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2464" - }, - { - "name" : "MDVSA-2012:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" - }, - { - "name" : "MDVSA-2012:081", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" - }, - { - "name" : "53219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53219" - }, - { - "name" : "oval:org.mitre.oval:def:16961", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961" - }, - { - "name" : "48972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48972" - }, - { - "name" : "49047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49047" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - }, - { - "name" : "48920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48920" - }, - { - "name" : "48922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=715319", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715319" + }, + { + "name": "48922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48922" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html" + }, + { + "name": "oval:org.mitre.oval:def:16961", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "DSA-2458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2458" + }, + { + "name": "48920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48920" + }, + { + "name": "53219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53219" + }, + { + "name": "DSA-2457", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2457" + }, + { + "name": "DSA-2464", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2464" + }, + { + "name": "MDVSA-2012:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" + }, + { + "name": "48972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48972" + }, + { + "name": "MDVSA-2012:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" + }, + { + "name": "49047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49047" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0912.json b/2012/0xxx/CVE-2012-0912.json index 812a24fa057..5b9cff21b93 100644 --- a/2012/0xxx/CVE-2012-0912.json +++ b/2012/0xxx/CVE-2012-0912.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf" - }, - { - "name" : "http://www.stone-ware.com/swql.jsp?kb=d1960", - "refsource" : "CONFIRM", - "url" : "http://www.stone-ware.com/swql.jsp?kb=d1960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf", + "refsource": "CONFIRM", + "url": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf" + }, + { + "name": "http://www.stone-ware.com/swql.jsp?kb=d1960", + "refsource": "CONFIRM", + "url": "http://www.stone-ware.com/swql.jsp?kb=d1960" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0999.json b/2012/0xxx/CVE-2012-0999.json index a1f4fc93343..68fc652b84f 100644 --- a/2012/0xxx/CVE-2012-0999.json +++ b/2012/0xxx/CVE-2012-0999.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.ch/advisory/HTB23072", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/HTB23072" - }, - { - "name" : "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt", - "refsource" : "CONFIRM", - "url" : "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt" - }, - { - "name" : "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php", - "refsource" : "CONFIRM", - "url" : "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows 
remote attackers to execute arbitrary SQL commands via the group_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt", + "refsource": "CONFIRM", + "url": "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt" + }, + { + "name": "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php", + "refsource": "CONFIRM", + "url": "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php" + }, + { + "name": "https://www.htbridge.ch/advisory/HTB23072", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/HTB23072" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1341.json b/2012/1xxx/CVE-2012-1341.json index 9d63b69e36d..2c08f44cac7 100644 --- a/2012/1xxx/CVE-2012-1341.json +++ b/2012/1xxx/CVE-2012-1341.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3036.json b/2012/3xxx/CVE-2012-3036.json index fe047160a47..84ef7310f20 100644 --- a/2012/3xxx/CVE-2012-3036.json +++ b/2012/3xxx/CVE-2012-3036.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3036", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-3036", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3214.json b/2012/3xxx/CVE-2012-3214.json index ce4505ff2eb..970e2b0a4c7 100644 --- a/2012/3xxx/CVE-2012-3214.json +++ b/2012/3xxx/CVE-2012-3214.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS12-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080" - }, - { - "name" : "MS13-013", - 
"refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013" - }, - { - "name" : "TA12-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16178", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16178" - }, - { - "name" : "oval:org.mitre.oval:def:16500", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" + }, + { + "name": "oval:org.mitre.oval:def:16178", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16178" + }, + { + "name": "MS13-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013" + }, + { + "name": "oval:org.mitre.oval:def:16500", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16500" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "MS12-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3400.json b/2012/3xxx/CVE-2012-3400.json index 806ad091033..716410e0f5e 100644 --- a/2012/3xxx/CVE-2012-3400.json +++ b/2012/3xxx/CVE-2012-3400.json 
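Review bot: The one semantic change in the CVE-2012-3214.json hunk, `"ASSIGNER": "secalert_us@oracle.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite. Every other line differs only in `" : "` versus `": "` spacing or in the order of the `reference_data` entries. The assigner is provenance data that downstream consumers may filter or key on, so it would be easier to audit if value changes were committed separately from the reformat and reorder, or if the commit message named the records whose fields changed rather than only "-Synchronized-Data.". The same applies to the CVE-2012-3400.json hunk, where `ASSIGNER` becomes `secalert@redhat.com`; that hunk continues past the visible lines. The new side also ends with `\ No newline at end of file`, and keeping the trailing newline would avoid a spurious last-line change on the next sync.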
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120709 Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/10/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=843139", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=843139" - }, - { - "name" : "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050" - }, - { - "name" : "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" - }, - { - "name" : "RHSA-2013:0594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0594.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "USN-1557-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1557-1" - }, - { - "name" : "USN-1529-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1529-1" - }, - { - "name" : "USN-1555-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1555-1" - }, - { - "name" : "USN-1556-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1556-1" - }, - { - "name" : "50506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1556-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1556-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5" + }, + { + "name": "[oss-security] 20120709 Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/10/2" + }, + { + "name": "USN-1557-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1557-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=843139", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843139" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256" + }, + { + "name": "USN-1555-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1555-1" + }, + { + "name": "USN-1529-1", + "refsource": "UBUNTU", + "url": 
"http://ubuntu.com/usn/usn-1529-1" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" + }, + { + "name": "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050" + }, + { + "name": "RHSA-2013:0594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0594.html" + }, + { + "name": "50506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50506" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3547.json b/2012/3xxx/CVE-2012-3547.json index 403f8638dcb..f018c4cd511 100644 --- a/2012/3xxx/CVE-2012-3547.json +++ b/2012/3xxx/CVE-2012-3547.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html" - }, - { - "name" : "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/10/2" - }, - { - "name" : "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", - "refsource" : "MISC", - "url" : "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt" - }, - { - "name" : "http://freeradius.org/security.html", - 
"refsource" : "CONFIRM", - "url" : "http://freeradius.org/security.html" - }, - { - "name" : "APPLE-SA-2013-10-22-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" - }, - { - "name" : "DSA-2546", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2546" - }, - { - "name" : "FEDORA-2012-15743", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html" - }, - { - "name" : "MDVSA-2012:159", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159" - }, - { - "name" : "RHSA-2012:1327", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1327.html" - }, - { - "name" : "RHSA-2012:1326", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1326.html" - }, - { - "name" : "openSUSE-SU-2012:1200", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html" - }, - { - "name" : "USN-1585-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1585-1" - }, - { - "name" : "55483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55483" - }, - { - "name" : "85325", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85325" - }, - { - "name" : "1027509", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027509" - }, - { - "name" : "50484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50484" - }, - { - "name" : "50584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50584" - }, - { - "name" : "50637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50637" - }, - { - "name" : "50770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50770" - }, - { - "name" : "freeradius-cbtlsverify-bo(78408)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/78408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50584" + }, + { + "name": "APPLE-SA-2013-10-22-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" + }, + { + "name": "50637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50637" + }, + { + "name": "USN-1585-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1585-1" + }, + { + "name": "RHSA-2012:1327", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html" + }, + { + "name": "50484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50484" + }, + { + "name": "DSA-2546", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2546" + }, + { + "name": "55483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55483" + }, + { + "name": "1027509", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027509" + }, + { + "name": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", + "refsource": "MISC", + "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt" + }, + { + "name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", + "refsource": "BUGTRAQ", + 
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html" + }, + { + "name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/10/2" + }, + { + "name": "MDVSA-2012:159", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159" + }, + { + "name": "openSUSE-SU-2012:1200", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html" + }, + { + "name": "freeradius-cbtlsverify-bo(78408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408" + }, + { + "name": "RHSA-2012:1326", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html" + }, + { + "name": "85325", + "refsource": "OSVDB", + "url": "http://osvdb.org/85325" + }, + { + "name": "50770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50770" + }, + { + "name": "http://freeradius.org/security.html", + "refsource": "CONFIRM", + "url": "http://freeradius.org/security.html" + }, + { + "name": "FEDORA-2012-15743", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3788.json b/2012/3xxx/CVE-2012-3788.json index 67316ea97bd..0b6fbfe33ed 100644 --- a/2012/3xxx/CVE-2012-3788.json +++ b/2012/3xxx/CVE-2012-3788.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3788", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3788", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3944.json b/2012/3xxx/CVE-2012-3944.json index d312d7f5c60..041af73b74b 100644 --- a/2012/3xxx/CVE-2012-3944.json +++ b/2012/3xxx/CVE-2012-3944.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3944", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3944", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4002.json b/2012/4xxx/CVE-2012-4002.json index a15449c5a96..6e9db872586 100644 --- a/2012/4xxx/CVE-2012-4002.json +++ b/2012/4xxx/CVE-2012-4002.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120712 GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/13/1" - }, - { - "name" : "https://forge.indepnet.net/issues/3704", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/issues/3704" - }, - { - "name" : "https://forge.indepnet.net/issues/3707", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/issues/3707" - }, - { - "name" : "https://forge.indepnet.net/projects/glpi/versions/771", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/projects/glpi/versions/771" - }, - { - "name" : "MDVSA-2012:132", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120712 GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/13/1" + }, + { + "name": "https://forge.indepnet.net/issues/3707", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/issues/3707" + }, + { + "name": "MDVSA-2012:132", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:132" + }, + { + "name": "https://forge.indepnet.net/issues/3704", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/issues/3704" + }, + { + "name": "https://forge.indepnet.net/projects/glpi/versions/771", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/projects/glpi/versions/771" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4150.json b/2012/4xxx/CVE-2012-4150.json index e8dddc27a80..a9bdadb3d7d 100644 --- a/2012/4xxx/CVE-2012-4150.json +++ b/2012/4xxx/CVE-2012-4150.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "oval:org.mitre.oval:def:16467", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16467" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16467", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16467" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4847.json b/2012/4xxx/CVE-2012-4847.json index e2f0905c5c5..d8f3566208a 100644 --- a/2012/4xxx/CVE-2012-4847.json +++ b/2012/4xxx/CVE-2012-4847.json 
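Review bot: The one substantive edit in this hunk, `"ASSIGNER": "psirt@adobe.com"` replacing `cve@mitre.org`, is hard to spot because every other line is also rewritten for spacing (`" : "` to `": "`) and the `reference_data` entries are shuffled with no apparent ordering key. The same holds for the CVE-2012-3400, CVE-2012-3547 and CVE-2012-4847 hunks, whose assigner becomes `secalert@redhat.com` or `psirt@us.ibm.com`. For records that downstream tooling treats as authoritative, a reformat-only commit followed by a content commit, with references kept in their existing order or sorted by a stable key, would let a reader audit the ownership changes directly. The new side also ends each file with `\ No newline at end of file` where the old side had a trailing newline.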
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21615445", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21615445" - }, - { - "name" : "cognos-bi-nullbyte-dos(79536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cognos-bi-nullbyte-dos(79536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79536" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21615445", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21615445" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4882.json b/2012/4xxx/CVE-2012-4882.json index 38d2e053266..048a39578fc 100644 --- a/2012/4xxx/CVE-2012-4882.json +++ b/2012/4xxx/CVE-2012-4882.json 
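Review bot: The structured `affects` block on the new side still reads `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, while the description names IBM Cognos Business Intelligence 8.4 and 8.4.1. A consumer that matches assets against the structured fields rather than parsing the free-text description will not associate this record with the product. Since this sync already corrects `ASSIGNER` to `psirt@us.ibm.com`, it would be a natural place to carry the vendor, product and the two versions into `vendor_data` as well; the other PUBLIC records in this diff (for example CVE-2012-3400 and CVE-2012-4150) show the same gap. Whether the upstream feed supplies those values is not visible here.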
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "48923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48923" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2526.json b/2017/2xxx/CVE-2017-2526.json index a0f5e9e8f03..858344ed6c2 100644 --- a/2017/2xxx/CVE-2017-2526.json +++ b/2017/2xxx/CVE-2017-2526.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98474" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98474" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2625.json b/2017/2xxx/CVE-2017-2625.json index 3ad9c9bdaf1..cbf9a076634 100644 --- a/2017/2xxx/CVE-2017-2625.json +++ b/2017/2xxx/CVE-2017-2625.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libXdmcp", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Xorg" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-331" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libXdmcp", + "version": { + "version_data": [ + { + "version_value": "1.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Xorg" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f", - 
"refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f" - }, - { - "name" : "GLSA-201704-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-03" - }, - { - "name" : "RHSA-2017:1865", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1865" - }, - { - "name" : "96480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96480" - }, - { - "name" : "1037919", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-331" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201704-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-03" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625" + }, + { + "name": "RHSA-2017:1865", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1865" + }, + { + "name": "1037919", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037919" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f" + }, + { + "name": "96480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96480" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2748.json b/2017/2xxx/CVE-2017-2748.json index 3ed4990f463..bdc1f41c050 100644 --- a/2017/2xxx/CVE-2017-2748.json +++ b/2017/2xxx/CVE-2017-2748.json 
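Review bot: The `version_value` of `1.1.2` under `affects` contradicts the description, which says libXdmcp before 1.1.2 is affected, so a consumer that matches on the structured field would flag the fixed release and miss the vulnerable ones; the field should express the range, for example `"version_value": "before 1.1.2"`. The `vectorString` also carries the base score in front of the vector (`6.5/CVSS:3.0/...`), which a strict CVSS v3.0 parser is likely to reject. `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"` with the 6.5 score in its own field would parse cleanly. The CVE-2017-7467 hunk further down has the same two problems (`"minicom 2.7.1"` against "before version 2.7.1", and `7.0/CVSS:3.0/...`).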
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2913.json b/2017/2xxx/CVE-2017-2913.json index 869a3b57a89..6b75edb0683 100644 --- a/2017/2xxx/CVE-2017-2913.json +++ b/2017/2xxx/CVE-2017-2913.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Circle", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Circle Media" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Circle", + "version": { + "version_data": [ + { + "version_value": "firmware 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Circle Media" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the filtering functionality of Circle with Disney. 
SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3699.json b/2017/3xxx/CVE-2017-3699.json index 28171a7d7f2..4e9fab25deb 100644 --- a/2017/3xxx/CVE-2017-3699.json +++ b/2017/3xxx/CVE-2017-3699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6220.json b/2017/6xxx/CVE-2017-6220.json index 8badacb3d13..e0b0a716175 100644 
--- a/2017/6xxx/CVE-2017-6220.json +++ b/2017/6xxx/CVE-2017-6220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6554.json b/2017/6xxx/CVE-2017-6554.json index ff779e70c3e..b70715c3a45 100644 --- a/2017/6xxx/CVE-2017-6554.json +++ b/2017/6xxx/CVE-2017-6554.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41861", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41861/" - }, - { - "name" : "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html" - }, - { - "name" : "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/", - "refsource" : "MISC", - "url" : "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/" - }, - { - 
"name" : "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824", - "refsource" : "CONFIRM", - "url" : "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824" - }, - { - "name" : "97686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824", + "refsource": "CONFIRM", + "url": "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824" + }, + { + "name": "97686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97686" + }, + { + "name": "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/", + "refsource": "MISC", + "url": "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/" + }, + { + "name": "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html" + }, + { + "name": "41861", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41861/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/6xxx/CVE-2017-6776.json b/2017/6xxx/CVE-2017-6776.json
index e61a82f8371..7a9485c8a64 100644
--- a/2017/6xxx/CVE-2017-6776.json
+++ b/2017/6xxx/CVE-2017-6776.json
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2017-08-16T00:00:00", - "ID" : "CVE-2017-6776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elastic Services Controller", - "version" : { - "version_data" : [ - { - "version_value" : "2.2(9.76)" - }, - { - "version_value" : "2.3(1)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2017-08-16T00:00:00", + "ID": "CVE-2017-6776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elastic Services Controller", + "version": { + "version_data": [ + { + "version_value": "2.2(9.76)" + }, + { + "version_value": "2.3(1)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170816 Cisco Elastic Services Controller Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2" - }, - { - "name" : "100370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170816 Cisco Elastic Services Controller Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2" + }, + { + "name": "100370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100370" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7106.json b/2017/7xxx/CVE-2017-7106.json index 999ff67c18d..79a1e0e0094 100644 
--- a/2017/7xxx/CVE-2017-7106.json
+++ b/2017/7xxx/CVE-2017-7106.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100893" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039385", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1039385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "1039385", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039385" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "100893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100893" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7467.json b/2017/7xxx/CVE-2017-7467.json index 208ce88db28..8c66002aaea 100644 --- a/2017/7xxx/CVE-2017-7467.json +++ b/2017/7xxx/CVE-2017-7467.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-7467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "minicom", - "version" : { - "version_data" : [ - { - "version_value" : "minicom 2.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "minicom", + "version": { + "version_data": [ + { + "version_value": "minicom 2.7.1" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170418 CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/04/18/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467" - }, - { - "name" : "GLSA-201706-13", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201706-13" - }, - { - "name" : "97966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170418 CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/04/18/5" + }, + { + "name": "97966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97966" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467" + }, + { + "name": "GLSA-201706-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-13" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7680.json b/2017/7xxx/CVE-2017-7680.json index 17bebaac4bf..beb81c72b3c 100644 --- a/2017/7xxx/CVE-2017-7680.json +++ b/2017/7xxx/CVE-2017-7680.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-07-13T00:00:00", - "ID" : "CVE-2017-7680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenMeetings", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure crossdomain.xml policy" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-07-13T00:00:00", + "ID": "CVE-2017-7680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenMeetings", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy", - "refsource" : "MLIST", - "url" : "http://markmail.org/message/whhibri7ervbjvda" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure crossdomain.xml policy" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy", + "refsource": "MLIST", + "url": "http://markmail.org/message/whhibri7ervbjvda" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10186.json b/2018/10xxx/CVE-2018-10186.json index dfc79a86f0f..35674a59ff2 100644 --- a/2018/10xxx/CVE-2018-10186.json +++ b/2018/10xxx/CVE-2018-10186.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/issues/9915", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/9915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/9915", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/9915" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10229.json b/2018/10xxx/CVE-2018-10229.json index ba3eae80c2b..34580f2e1fc 100644 --- a/2018/10xxx/CVE-2018-10229.json +++ b/2018/10xxx/CVE-2018-10229.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf", - "refsource" : "MISC", - "url" : "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf" - }, - { - "name" : "VU#283803", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/283803" - }, - { - "name" : "104084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104084" + }, + { + "name": "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf", + "refsource": "MISC", + "url": "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf" + }, + { + "name": "VU#283803", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/283803" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10482.json b/2018/10xxx/CVE-2018-10482.json index 019c41059de..3c8b7e01909 100644 --- a/2018/10xxx/CVE-2018-10482.json +++ b/2018/10xxx/CVE-2018-10482.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-392", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-392" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-392", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-392" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10892.json b/2018/10xxx/CVE-2018-10892.json index 8442b90c0eb..84f4bb4cb41 100644 --- a/2018/10xxx/CVE-2018-10892.json +++ b/2018/10xxx/CVE-2018-10892.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "docker", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-250" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "docker", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892" - }, - { - "name" : "https://github.com/moby/moby/pull/37404", - "refsource" : "CONFIRM", - "url" : "https://github.com/moby/moby/pull/37404" - }, - { - "name" : "RHSA-2018:2482", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2482" - }, - { - "name" : "RHSA-2018:2729", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHSA-2018:2729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/moby/moby/pull/37404", + "refsource": "CONFIRM", + "url": "https://github.com/moby/moby/pull/37404" + }, + { + "name": "RHSA-2018:2729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2729" + }, + { + "name": "RHSA-2018:2482", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2482" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14060.json b/2018/14xxx/CVE-2018-14060.json index 1222c1ddbe0..4a046c8b3cd 100644 --- a/2018/14xxx/CVE-2018-14060.json +++ b/2018/14xxx/CVE-2018-14060.json 
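Review bot: The `impact.cvss` entry on the new side of the CVE-2018-10892 record still fuses the score into the vector, `"vectorString": "6.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"`, which is not a well-formed CVSS v3.0 vector because a vector string starts with the `CVSS:3.0/` prefix. A consumer that parses this field strictly will probably reject it or leave the record without a severity, so automated triage could under-rank this Docker/Moby issue. I would split it into `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"` and `"baseScore": 6.3`. The doubly nested `cvss` array (`[ [ { … } ] ]`) also looks unintended and is worth checking against the schema this repository validates with.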
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520", - "refsource" : "MISC", - "url" : "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520" - }, - { - "name" : "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py", - "refsource" : "MISC", - "url" : "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520", + "refsource": "MISC", + "url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520" + }, + { + "name": "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py", + "refsource": "MISC", + "url": "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14080.json b/2018/14xxx/CVE-2018-14080.json index f165a58e3f9..9667941f4ac 100644 --- a/2018/14xxx/CVE-2018-14080.json +++ b/2018/14xxx/CVE-2018-14080.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/", - "refsource" : "MISC", - "url" : "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/", + "refsource": "MISC", + "url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14485.json b/2018/14xxx/CVE-2018-14485.json index 164868e8968..1a360aa1636 100644 --- a/2018/14xxx/CVE-2018-14485.json +++ b/2018/14xxx/CVE-2018-14485.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14485", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14485", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14707.json b/2018/14xxx/CVE-2018-14707.json index e96fa7963c8..adef4a449fd 100644 --- a/2018/14xxx/CVE-2018-14707.json +++ b/2018/14xxx/CVE-2018-14707.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15031.json b/2018/15xxx/CVE-2018-15031.json index 7fed9e1b393..ca7dc4b7131 100644 --- a/2018/15xxx/CVE-2018-15031.json +++ b/2018/15xxx/CVE-2018-15031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15124.json b/2018/15xxx/CVE-2018-15124.json index 6efdcb2529f..cd7d61ca623 100644 --- a/2018/15xxx/CVE-2018-15124.json +++ b/2018/15xxx/CVE-2018-15124.json 
@@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-08-08T00:00:00", - "ID" : "CVE-2018-15124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zipato Zipabox Smart Home Controller", - "version" : { - "version_data" : [ - { - "version_value" : "BOARD REV - 1" - }, - { - "version_value" : "SYSTEM VERSION -118" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Weak hashing algorithm" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-08-08T00:00:00", + "ID": "CVE-2018-15124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zipato Zipabox Smart Home Controller", + "version": { + "version_data": [ + { + "version_value": "BOARD REV - 1" + }, + { + "version_value": "SYSTEM VERSION -118" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak hashing algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20062.json b/2018/20xxx/CVE-2018-20062.json index 60b985fd23c..ae5ab8a25d8 100644 --- a/2018/20xxx/CVE-2018-20062.json +++ b/2018/20xxx/CVE-2018-20062.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\\think\\Request/input&filter=phpinfo&data=1 query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nangge/noneCms/issues/21", - "refsource" : "MISC", - "url" : "https://github.com/nangge/noneCms/issues/21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\\think\\Request/input&filter=phpinfo&data=1 query string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nangge/noneCms/issues/21", + "refsource": "MISC", + "url": "https://github.com/nangge/noneCms/issues/21" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20173.json b/2018/20xxx/CVE-2018-20173.json index f41f128ac3c..b10671d0d1a 100644 --- a/2018/20xxx/CVE-2018-20173.json +++ b/2018/20xxx/CVE-2018-20173.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html", - "refsource" : "MISC", - "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/network-monitoring/help/read-me.html", + "refsource": "MISC", + "url": "https://www.manageengine.com/network-monitoring/help/read-me.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20269.json b/2018/20xxx/CVE-2018-20269.json index fb32387f0ad..8801ea2f4da 100644 --- a/2018/20xxx/CVE-2018-20269.json +++ b/2018/20xxx/CVE-2018-20269.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20323.json b/2018/20xxx/CVE-2018-20323.json index a76e7856687..84a13277811 100644 --- a/2018/20xxx/CVE-2018-20323.json +++ b/2018/20xxx/CVE-2018-20323.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20323", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20323", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20436.json b/2018/20xxx/CVE-2018-20436.json index fd1d56d8d72..e3696947e73 100644 --- a/2018/20xxx/CVE-2018-20436.json +++ b/2018/20xxx/CVE-2018-20436.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The \"secret chat\" feature in Telegram 4.9.1 for Android has a \"side channel\" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the \"Secret chats > Preview links\" setting." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The \"secret chat\" feature in Telegram 4.9.1 for Android has a \"side channel\" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the \"Secret chats > Preview links\" setting." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9042.json b/2018/9xxx/CVE-2018-9042.json index 3abe20e393b..37fd09ea0d6 100644 --- a/2018/9xxx/CVE-2018-9042.json +++ b/2018/9xxx/CVE-2018-9042.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9125.json b/2018/9xxx/CVE-2018-9125.json index 3eb6ef938bc..0e4e3d2a212 100644 --- a/2018/9xxx/CVE-2018-9125.json +++ b/2018/9xxx/CVE-2018-9125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9225.json b/2018/9xxx/CVE-2018-9225.json index f4b42e510f3..c07568648c3 100644 --- a/2018/9xxx/CVE-2018-9225.json +++ b/2018/9xxx/CVE-2018-9225.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9225", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9225", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9322.json b/2018/9xxx/CVE-2018-9322.json index 13eed6d089d..11602a6b59f 100644 --- a/2018/9xxx/CVE-2018-9322.json +++ b/2018/9xxx/CVE-2018-9322.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf", - "refsource" : "MISC", - "url" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf" - }, - { - "name" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/", - "refsource" : "MISC", - "url" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/" - }, - { - "name" : "104258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf", + "refsource": "MISC", + "url": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf" + }, + { + "name": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/", + "refsource": "MISC", + "url": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/" + }, + { + "name": "104258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104258" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9958.json b/2018/9xxx/CVE-2018-9958.json index ef1f3510c10..17e4b0b4912 100644 --- a/2018/9xxx/CVE-2018-9958.json +++ b/2018/9xxx/CVE-2018-9958.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44941", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44941/" - }, - { - "name" : "45269", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45269/" - }, - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-342", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-342" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-342", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-342" + }, + { + "name": "44941", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44941/" + }, + { + "name": "45269", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45269/" + } + ] + } +} \ No newline at end of file