From 7ca814900d7bdeb117c607d2233bd49a71504c4a Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:33:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1665.json | 140 ++++----- 2002/1xxx/CVE-2002-1797.json | 150 +++++----- 2003/0xxx/CVE-2003-0542.json | 510 ++++++++++++++++----------------- 2003/0xxx/CVE-2003-0758.json | 170 +++++------ 2003/0xxx/CVE-2003-0907.json | 220 +++++++------- 2003/0xxx/CVE-2003-0988.json | 230 +++++++-------- 2003/1xxx/CVE-2003-1191.json | 170 +++++------ 2003/1xxx/CVE-2003-1420.json | 140 ++++----- 2004/2xxx/CVE-2004-2228.json | 170 +++++------ 2004/2xxx/CVE-2004-2688.json | 150 +++++----- 2008/2xxx/CVE-2008-2590.json | 200 ++++++------- 2012/0xxx/CVE-2012-0262.json | 170 +++++------ 2012/0xxx/CVE-2012-0504.json | 220 +++++++------- 2012/0xxx/CVE-2012-0563.json | 170 +++++------ 2012/0xxx/CVE-2012-0623.json | 200 ++++++------- 2012/0xxx/CVE-2012-0747.json | 160 +++++------ 2012/0xxx/CVE-2012-0812.json | 34 +-- 2012/1xxx/CVE-2012-1008.json | 150 +++++----- 2012/1xxx/CVE-2012-1404.json | 120 ++++---- 2012/1xxx/CVE-2012-1718.json | 350 +++++++++++----------- 2012/1xxx/CVE-2012-1872.json | 130 ++++----- 2012/4xxx/CVE-2012-4147.json | 140 ++++----- 2012/5xxx/CVE-2012-5129.json | 140 ++++----- 2012/5xxx/CVE-2012-5329.json | 140 ++++----- 2012/5xxx/CVE-2012-5744.json | 120 ++++---- 2017/3xxx/CVE-2017-3344.json | 166 +++++------ 2017/3xxx/CVE-2017-3551.json | 142 ++++----- 2017/3xxx/CVE-2017-3873.json | 140 ++++----- 2017/6xxx/CVE-2017-6135.json | 132 ++++----- 2017/6xxx/CVE-2017-6849.json | 120 ++++---- 2017/6xxx/CVE-2017-6930.json | 122 ++++---- 2017/7xxx/CVE-2017-7234.json | 150 +++++----- 2017/7xxx/CVE-2017-7487.json | 190 ++++++------ 2017/7xxx/CVE-2017-7488.json | 150 +++++----- 2017/8xxx/CVE-2017-8373.json | 140 ++++----- 2018/10xxx/CVE-2018-10003.json | 34 +-- 2018/10xxx/CVE-2018-10369.json | 120 ++++---- 2018/10xxx/CVE-2018-10493.json | 130 ++++----- 2018/10xxx/CVE-2018-10550.json | 120 ++++---- 2018/13xxx/CVE-2018-13365.json | 34 +-- 2018/13xxx/CVE-2018-13493.json | 130 
++++----- 2018/17xxx/CVE-2018-17166.json | 34 +-- 2018/17xxx/CVE-2018-17537.json | 34 +-- 2018/17xxx/CVE-2018-17713.json | 34 +-- 2018/17xxx/CVE-2018-17902.json | 132 ++++----- 2018/20xxx/CVE-2018-20270.json | 34 +-- 2018/20xxx/CVE-2018-20574.json | 120 ++++---- 2018/9xxx/CVE-2018-9384.json | 34 +-- 2018/9xxx/CVE-2018-9527.json | 130 ++++----- 2018/9xxx/CVE-2018-9975.json | 130 ++++----- 50 files changed, 3598 insertions(+), 3598 deletions(-) diff --git a/2002/1xxx/CVE-2002-1665.json b/2002/1xxx/CVE-2002-1665.json index cb66b9d4f0b..cd826cd32cf 100644 --- a/2002/1xxx/CVE-2002-1665.json +++ b/2002/1xxx/CVE-2002-1665.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020221 Remote crashes in Yahoo messenger", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101439616623230&w=2" - }, - { - "name" : "CA-2002-16", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-16.html" - }, - { - "name" : "VU#755755", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/755755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2002-16", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-16.html" + }, + { + "name": "20020221 Remote crashes in Yahoo messenger", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101439616623230&w=2" + }, + { + "name": "VU#755755", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/755755" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1797.json b/2002/1xxx/CVE-2002-1797.json index 407ddc858e3..5c35daac23c 100644 --- a/2002/1xxx/CVE-2002-1797.json +++ b/2002/1xxx/CVE-2002-1797.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020727 Phenoelit Advisory #0815 +--", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284648" - }, - { - "name" : "http://www.phenoelit.de/stuff/HP_Chai.txt", - "refsource" : "MISC", - "url" : "http://www.phenoelit.de/stuff/HP_Chai.txt" - }, - { - "name" : "5332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5332" - }, - { - "name" : "hp-chaivm-unauth-access(9694)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9694.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChaiVM for HP color 
LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-chaivm-unauth-access(9694)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9694.php" + }, + { + "name": "http://www.phenoelit.de/stuff/HP_Chai.txt", + "refsource": "MISC", + "url": "http://www.phenoelit.de/stuff/HP_Chai.txt" + }, + { + "name": "5332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5332" + }, + { + "name": "20020727 Phenoelit Advisory #0815 +--", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284648" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0542.json b/2003/0xxx/CVE-2003-0542.json index ab84b9b8ff5..624e39e0107 100644 --- a/2003/0xxx/CVE-2003-0542.json +++ b/2003/0xxx/CVE-2003-0542.json 
@@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://httpd.apache.org/dist/httpd/Announcement2.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/dist/httpd/Announcement2.html" - }, - { - "name" : "APPLE-SA-2004-01-26", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" - }, - { - "name" : "HPSBOV02683", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "SSRT090208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/342674" - }, - { - "name" : "20031031 GLSA: apache (200310-04)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106761802305141&w=2" - }, - { - "name" : "HPSBUX0311-301", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/6079" - }, - { - "name" : "MDKSA-2003:103", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103" - }, - { - "name" : "RHSA-2003:320", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-320.html" - }, - { - "name" : "RHSA-2003:360", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-360.html" - }, - { - "name" : "RHSA-2003:405", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-405.html" - }, - { - "name" : "RHSA-2004:015", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-015.html" - }, - { - "name" : "RHSA-2005:816", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html" - }, - { - "name" : "SCOSA-2004.6", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt" - }, - { - "name" : "20031203-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=61798", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=61798" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "101444", - "refsource" : "SUNALERT", - "url" : 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1" - }, - { - "name" : "101841", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1" - }, - { - "name" : "VU#434566", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/434566" - }, - { - "name" : "VU#549142", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/549142" - }, - { - "name" : "8911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8911" - }, - { - "name" : "9504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9504" - }, - { - "name" : "oval:org.mitre.oval:def:863", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863" - }, - { - "name" : "oval:org.mitre.oval:def:864", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864" - }, - { - "name" : "oval:org.mitre.oval:def:3799", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799" - }, - { - "name" : "oval:org.mitre.oval:def:9458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458" - }, - { - "name" : "10096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10096" - }, - { - "name" : "10098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10098" - }, - { - "name" : "10102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10102" - }, - { - "name" : "10112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10112" - }, - { - "name" : "10114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10114" - }, - { - "name" : "10153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10153" - }, - { - "name" : "10260", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10260" - }, - { - "name" : "10264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10264" - }, - { - "name" : "10463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10463" - }, - { - "name" : "10580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10580" - }, - { - "name" : "10593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10593" - }, - { - "name" : "apache-modalias-modrewrite-bo(13400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "RHSA-2004:015", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-015.html" + }, + { + "name": "10112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10112" + }, + { + "name": "VU#434566", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/434566" + }, + { + "name": "10593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10593" + }, + { + "name": "MDKSA-2003:103", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103" + }, + { + "name": "RHSA-2003:360", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-360.html" + }, + { + "name": "SSRT090208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "http://httpd.apache.org/dist/httpd/Announcement2.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/dist/httpd/Announcement2.html" + }, + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" + }, + { + "name": "APPLE-SA-2004-01-26", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" + }, + { + "name": "SCOSA-2004.6", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt" + }, + { + "name": "RHSA-2003:405", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-405.html" + }, + { + "name": "oval:org.mitre.oval:def:3799", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799" + }, + { + "name": "9504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9504" + }, + { + "name": "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342674" + }, + { + "name": "20031203-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc" + }, + { + "name": "oval:org.mitre.oval:def:9458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458" + }, + { + "name": "10102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10102" + }, + { + "name": "apache-modalias-modrewrite-bo(13400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400" + }, + { + "name": "HPSBUX0311-301", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/6079" + }, + { + "name": "RHSA-2005:816", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" + }, + { + "name": "10153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10153" + }, + { + "name": "10098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10098" + }, + { + "name": "HPSBOV02683", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "10264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10264" + }, + { + "name": "oval:org.mitre.oval:def:864", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864" + }, + { + "name": "10580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10580" + }, + { + "name": "101841", + "refsource": "SUNALERT", + "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1" + }, + { + "name": "RHSA-2003:320", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-320.html" + }, + { + "name": "101444", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1" + }, + { + "name": "10260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10260" + }, + { + "name": "10463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10463" + }, + { + "name": "20031031 GLSA: apache (200310-04)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106761802305141&w=2" + }, + { + "name": "VU#549142", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/549142" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=61798", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=61798" + }, + { + "name": "10096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10096" + }, + { + "name": "10114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10114" + }, + { + "name": "8911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8911" + }, + { + "name": "oval:org.mitre.oval:def:863", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0758.json b/2003/0xxx/CVE-2003-0758.json index ed18fd985c5..80ca4b6fd68 100644 --- a/2003/0xxx/CVE-2003-0758.json +++ b/2003/0xxx/CVE-2003-0758.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106389919618721&w=2" - }, - { - "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10" - }, - { - "name" : "N-154", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-154.shtml" - }, - { - "name" : "8552", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/8552" - }, - { - "name" : "ibm-db2-db2dart-bo(13218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "N-154", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-154.shtml" + }, + { + "name": "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html" + }, + { + "name": "ibm-db2-db2dart-bo(13218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13218" + }, + { + "name": "8552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8552" + }, + { + "name": "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106389919618721&w=2" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0907.json b/2003/0xxx/CVE-2003-0907.json index cc58693aaa0..f8d18a5de01 100644 --- a/2003/0xxx/CVE-2003-0907.json +++ b/2003/0xxx/CVE-2003-0907.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040413 Microsoft Help and Support Center argument injection vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html" - }, - { - "name" : "20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108196864221676&w=2" - }, - { - "name" : "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities" - }, - { - "name" : "MS04-011", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" - }, - { - "name" : "TA04-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" - }, - { - "name" : "VU#260588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/260588" - }, - { - "name" : "O-114", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml" - }, - { - "name" : "10119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10119" - }, - { - "name" : "oval:org.mitre.oval:def:1000", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000" - }, - { - "name" : "oval:org.mitre.oval:def:904", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904" - }, - { - "name" : "win-hcpurl-code-execution(15704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "O-114", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-114.shtml" + }, + { + "name": "VU#260588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/260588" + }, + { + "name": "10119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10119" + }, + { + "name": "oval:org.mitre.oval:def:1000", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000" + }, + { + "name": "MS04-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" + }, + { + "name": "oval:org.mitre.oval:def:904", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904" + }, + { + "name": "TA04-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" + }, + { + "name": "20040413 Microsoft Help and Support Center argument injection vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html" + }, + { + "name": "20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108196864221676&w=2" + }, + { + "name": "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities", + "refsource": "MISC", + "url": "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities" + }, + { + "name": "win-hcpurl-code-execution(15704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15704" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0988.json b/2003/0xxx/CVE-2003-0988.json
index 7ef2ad62c5d..bf74dc24d7f 100644
--- a/2003/0xxx/CVE-2003-0988.json
+++ b/2003/0xxx/CVE-2003-0988.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040114 KDE Security Advisory: VCF file information reader vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107412130407906&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20040114-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20040114-1.txt" - }, - { - "name" : "CLA-2004:810", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810" - }, - { - "name" : "GLSA-200404-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200404-02.xml" - }, - { - "name" : "MDKSA-2004:003", - "refsource" : "MANDRAKE", - "url" : 
"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003" - }, - { - "name" : "RHSA-2004:005", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-005.html" - }, - { - "name" : "RHSA-2004:006", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-006.html" - }, - { - "name" : "VU#820798", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/820798" - }, - { - "name" : "9419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9419" - }, - { - "name" : "kde-kdepim-bo(14833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14833" - }, - { - "name" : "oval:org.mitre.oval:def:858", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858" - }, - { - "name" : "oval:org.mitre.oval:def:865", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:865", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865" + }, + { + "name": "20040114 KDE Security Advisory: VCF file information reader vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107412130407906&w=2" + }, + { + "name": "GLSA-200404-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200404-02.xml" + }, + { + "name": "oval:org.mitre.oval:def:858", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858" + }, + { + "name": "kde-kdepim-bo(14833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14833" + }, + { + "name": "RHSA-2004:005", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-005.html" + }, + { + "name": "CLA-2004:810", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810" + }, + { + "name": "MDKSA-2004:003", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003" + }, + { + "name": "VU#820798", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/820798" + }, + { + "name": "http://www.kde.org/info/security/advisory-20040114-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20040114-1.txt" + }, + { + "name": "RHSA-2004:006", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-006.html" + }, + { + "name": "9419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9419" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/1xxx/CVE-2003-1191.json b/2003/1xxx/CVE-2003-1191.json index 3c411351486..eac66447aa7 100644 --- a/2003/1xxx/CVE-2003-1191.json +++ b/2003/1xxx/CVE-2003-1191.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031029 E107 DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" - }, - { - "name" : "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21", - "refsource" : "MISC", - "url" : "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21" - }, - { - "name" : "8930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8930" - }, - { - "name" : "2753", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2753" - }, - { - "name" : "10115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10115" - }, - { - "name" : "e107chatboxdos(13553)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8930" + }, + { + "name": "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21", + "refsource": "MISC", + "url": "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21" + }, + { + "name": "20031029 E107 DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html" + }, + { + "name": "e107chatboxdos(13553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553" + }, + { + "name": "10115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10115" + }, + { + "name": "2753", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2753" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1420.json b/2003/1xxx/CVE-2003-1420.json index 24867e7f840..bfa72d7f163 100644 --- a/2003/1xxx/CVE-2003-1420.json +++ b/2003/1xxx/CVE-2003-1420.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030226 Secunia Research: Opera browser Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313216" - }, - { - "name" : "6962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6962" - }, - { - "name" : "opera-automatic-redirection-xss(11423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web 
script or HTML via the HTTP Location header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-automatic-redirection-xss(11423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11423" + }, + { + "name": "6962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6962" + }, + { + "name": "20030226 Secunia Research: Opera browser Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313216" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2228.json b/2004/2xxx/CVE-2004-2228.json index 4dbb72e877c..9473af5f31c 100644 --- a/2004/2xxx/CVE-2004-2228.json +++ b/2004/2xxx/CVE-2004-2228.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200501-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200501-03.xml" - }, - { - "name" : "11644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11644" - }, - { - "name" : "11592", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11592" - }, - { - "name" : "13144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13144" - }, - { - "name" : "13724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13724" - }, - { - "name" : "mozilla-firefox-gain-privileges(18017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11592", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11592" + }, + { + "name": "13724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13724" + }, + { + "name": "13144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13144" + }, + { + "name": "GLSA-200501-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200501-03.xml" + }, + { + "name": "mozilla-firefox-gain-privileges(18017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18017" + }, + { + "name": "11644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11644" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2688.json b/2004/2xxx/CVE-2004-2688.json index 925bf15bbcb..34d9edd96ea 100644 --- a/2004/2xxx/CVE-2004-2688.json +++ b/2004/2xxx/CVE-2004-2688.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040415 Re: XSS, Admin Access via Cookie and File Upload vulnerability in NewsPHP.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0161.html" - }, - { - "name" : "1009740", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/Apr/1009740.html" - }, - { - "name" : "11346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11346" - }, - { - "name" : "newsphp-index-xss(15837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11346" + }, + { + "name": "1009740", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/Apr/1009740.html" + }, + { + "name": "newsphp-index-xss(15837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15837" + }, + { + "name": "20040415 Re: XSS, Admin Access via Cookie and File Upload vulnerability in NewsPHP.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0161.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2590.json b/2008/2xxx/CVE-2008-2590.json index 6110ec98e6b..5cd55eb6531 100644 --- a/2008/2xxx/CVE-2008-2590.json +++ b/2008/2xxx/CVE-2008-2590.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020496", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020496" - }, - { - "name" : "1020499", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020499" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "1020496", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020496" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "1020499", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020499" + 
}, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0262.json b/2012/0xxx/CVE-2012-0262.json index cb3f9c06df4..8153538a54a 100644 --- a/2012/0xxx/CVE-2012-0262.json +++ b/2012/0xxx/CVE-2012-0262.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120107 OP5 Monitor - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Jan/62" - }, - { - "name" : "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf", - "refsource" : "MISC", - "url" : "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf" - }, - { - "name" : "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/", - "refsource" : "CONFIRM", - "url" : "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/" - }, - { - "name" : "https://bugs.op5.com/view.php?id=5094", - "refsource" : "CONFIRM", - "url" : "https://bugs.op5.com/view.php?id=5094" - }, - { - "name" : 
"78065", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78065" - }, - { - "name" : "47417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.op5.com/view.php?id=5094", + "refsource": "CONFIRM", + "url": "https://bugs.op5.com/view.php?id=5094" + }, + { + "name": "47417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47417" + }, + { + "name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/", + "refsource": "CONFIRM", + "url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/" + }, + { + "name": "20120107 OP5 Monitor - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Jan/62" + }, + { + "name": "78065", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78065" + }, + { + "name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf", + "refsource": "MISC", + "url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0504.json b/2012/0xxx/CVE-2012-0504.json index 3204ae3b580..7f022861af7 100644 --- a/2012/0xxx/CVE-2012-0504.json +++ b/2012/0xxx/CVE-2012-0504.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02757", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2" - }, - { - "name" : "HPSBUX02784", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2" - }, - { - "name" : "SSRT100779", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=133364885411663&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100871", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "52020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52020" - }, - { - "name" : "oval:org.mitre.oval:def:14890", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14890" - }, - { - "name" : "48589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02784", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "48589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48589" + }, + { + "name": "oval:org.mitre.oval:def:14890", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14890" + }, + { + "name": "52020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52020" + }, + { + "name": "SSRT100871", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2" + }, + { + "name": "HPSBUX02757", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "SSRT100779", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0563.json b/2012/0xxx/CVE-2012-0563.json index 06df4ec5a90..d9b78c1b58a 100644 --- a/2012/0xxx/CVE-2012-0563.json +++ b/2012/0xxx/CVE-2012-0563.json 
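Review bot: The `ASSIGNER` field of CVE-2012-0504 changes from `cve@mitre.org` to `secalert_us@oracle.com` at the top of this hunk, and it is the only value change in a hunk that otherwise only rewrites `"key" : value` as `"key": value` and reorders `reference_data`. Because every line of the file is touched, this attribution change is easy to miss, and any consumer that filters or trusts records by assigner will see the record move to a different assigner with no mention in the commit subject. The same change appears in the CVE-2012-0563 hunk that follows. Keeping the formatting pass separate from the field update, or naming the `"ASSIGNER": "secalert_us@oracle.com"` change in the commit message, would make it auditable. The new order of the `reference_data` entries does not appear to follow any sort key, so emitting them in a stable order would keep later syncs reviewable.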
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54557" - }, - { - "name" : "83928", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83928" - }, - { - "name" : "1027274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027274" - }, - { - "name" : "solaris-kerberosklist-dos(77056)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/77056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83928", + "refsource": "OSVDB", + "url": "http://osvdb.org/83928" + }, + { + "name": "1027274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027274" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "54557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54557" + }, + { + "name": "solaris-kerberosklist-dos(77056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77056" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0623.json b/2012/0xxx/CVE-2012-0623.json index b6aa5950a43..c0c8397714e 100644 --- a/2012/0xxx/CVE-2012-0623.json +++ b/2012/0xxx/CVE-2012-0623.json 
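Review bot: The only semantic change in this hunk, `"ASSIGNER": "secalert_us@oracle.com",` replacing `cve@mitre.org`, is buried in a whole-file rewrite that also changes key spacing, indentation and the order of the `reference_data` entries, so the provenance change cannot be told apart from formatting churn. The hunks for CVE-2012-0623, CVE-2012-0747, CVE-2012-1718 and CVE-2012-1872 do the same, with the assigner becoming an Apple, IBM, Oracle and Microsoft address respectively. Anyone auditing who is recorded as responsible for a record would be better served if the re-attribution landed separately from the normalization, or if `reference_data` kept a stable order so that only the changed line shows in the diff. The new side also ends with `\ No newline at end of file`; a trailing newline would keep later syncs from touching the last line again.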
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : 
"oval:org.mitre.oval:def:17431", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17431" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:17431", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17431" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0747.json b/2012/0xxx/CVE-2012-0747.json index 3283bf417ff..00f5de313fa 100644 --- a/2012/0xxx/CVE-2012-0747.json +++ b/2012/0xxx/CVE-2012-0747.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" - }, - { - "name" : "IV16032", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" - }, - { - "name" : "85186", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85186" - }, - { - "name" : "50551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50551" - }, - { - "name" : "ibm-maximo-sql-injection-iv16032(74731)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "85186", + "refsource": "OSVDB", + "url": "http://osvdb.org/85186" + }, + { + "name": "IV16032", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" + }, + { + "name": "50551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50551" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" + }, + { + "name": "ibm-maximo-sql-injection-iv16032(74731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0812.json b/2012/0xxx/CVE-2012-0812.json index 9d3af8f0d6c..d3d6b04fd3f 100644 --- a/2012/0xxx/CVE-2012-0812.json +++ b/2012/0xxx/CVE-2012-0812.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0812",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0812",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1008.json b/2012/1xxx/CVE-2012-1008.json
index 9f92843581a..d009ed34361 100644
--- a/2012/1xxx/CVE-2012-1008.json
+++ b/2012/1xxx/CVE-2012-1008.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18453", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18453" - }, - { - "name" : "http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt" - }, - { - "name" : "http://secpod.org/blog/?p=461", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=461" - }, - { - "name" : "http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py", - "refsource" : "MISC", - "url" : "http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OfficeSIP 
Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18453", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18453" + }, + { + "name": "http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py", + "refsource": "MISC", + "url": "http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py" + }, + { + "name": "http://secpod.org/blog/?p=461", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=461" + }, + { + "name": "http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1404.json b/2012/1xxx/CVE-2012-1404.json index 5ac95c9ebcc..86d40b63f05 100644 --- a/2012/1xxx/CVE-2012-1404.json +++ b/2012/1xxx/CVE-2012-1404.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1404-vulnerability-in-DolphinBrowserMini.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1404-vulnerability-in-DolphinBrowserMini.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1404-vulnerability-in-DolphinBrowserMini.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1404-vulnerability-in-DolphinBrowserMini.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1718.json b/2012/1xxx/CVE-2012-1718.json index 6851b011abf..f139dd4e181 100644 --- a/2012/1xxx/CVE-2012-1718.json +++ b/2012/1xxx/CVE-2012-1718.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg21620575", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620575" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21615246", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21615246" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" - }, - { - "name" : "SSRT100919", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" - }, - { - "name" : "MDVSA-2012:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2012:1243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1243.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2012:0734", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html" - }, - { - "name" : "SUSE-SU-2012:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" - }, - { - "name" : "SUSE-SU-2012:1177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html" - }, - { - "name" : "SUSE-SU-2012:1265", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" - }, - { - "name" : "SUSE-SU-2012:1204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html" - }, - { - "name" : "53951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53951" - }, - { - "name" : "oval:org.mitre.oval:def:15923", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15923" - }, - { - "name" : "50659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50659" - }, - { - "name" : "51080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51080" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "SUSE-SU-2012:1177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html" + }, + { + "name": "SUSE-SU-2012:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" + }, + { + "name": "RHSA-2012:0734", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" + }, + { + "name": "RHSA-2012:1243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1243.html" + }, + { + "name": "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html" + }, + { + "name": "50659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50659" + }, + { + "name": "SSRT100919", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2" + }, + { + "name": "SUSE-SU-2012:1204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "MDVSA-2012:095", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:095" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620575", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620575" + }, + { + "name": "oval:org.mitre.oval:def:15923", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15923" + }, + { + "name": "53951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53951" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21615246", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21615246" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "51080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51080" + }, + { + "name": "HPSBUX02805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1872.json b/2012/1xxx/CVE-2012-1872.json index fdc5a96bc51..44e76e6e399 100644 --- a/2012/1xxx/CVE-2012-1872.json +++ b/2012/1xxx/CVE-2012-1872.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka \"EUC-JP Character Encoding Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" - }, - { - "name" : "oval:org.mitre.oval:def:15629", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with 
EUC-JP encoding, aka \"EUC-JP Character Encoding Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS12-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" + }, + { + "name": "oval:org.mitre.oval:def:15629", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15629" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4147.json b/2012/4xxx/CVE-2012-4147.json index 06746e2bae2..a5921533549 100644 --- a/2012/4xxx/CVE-2012-4147.json +++ b/2012/4xxx/CVE-2012-4147.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "oval:org.mitre.oval:def:15949", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15949" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15949", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15949" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5129.json b/2012/5xxx/CVE-2012-5129.json index 006c4a8a398..99995211430 100644 --- a/2012/5xxx/CVE-2012-5129.json +++ b/2012/5xxx/CVE-2012-5129.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=145525", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=145525" - }, - { - "name" : "USN-1818-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1818-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer 
overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1818-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1818-1" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=145525", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=145525" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5329.json b/2012/5xxx/CVE-2012-5329.json index 45ff5d46308..4169f8ac82d 100644 --- a/2012/5xxx/CVE-2012-5329.json +++ b/2012/5xxx/CVE-2012-5329.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18615", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18615" - }, - { - "name" : "52554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52554" - }, - { - "name" : "80577", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80577", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80577" + }, + { + "name": "18615", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18615" + }, + { + "name": "52554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52554" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5744.json b/2012/5xxx/CVE-2012-5744.json index fb7e74ff4a8..512ffd349d4 100644 --- a/2012/5xxx/CVE-2012-5744.json +++ b/2012/5xxx/CVE-2012-5744.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-5744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130829 Cisco ISE Guest Portal XSS Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130829 Cisco ISE Guest Portal XSS Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3344.json b/2017/3xxx/CVE-2017-3344.json index 31ba8949fdf..6c6c25c2c27 100644 --- a/2017/3xxx/CVE-2017-3344.json +++ b/2017/3xxx/CVE-2017-3344.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3551.json b/2017/3xxx/CVE-2017-3551.json index aaff948b150..960d462ad39 100644 --- a/2017/3xxx/CVE-2017-3551.json +++ b/2017/3xxx/CVE-2017-3551.json 
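Review bot: The `problemtype` entry on the new side still carries a CVSS vector, `"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"`, which is a severity score and not a weakness type. Tooling that maps `problemtype` to a CWE or a weakness class gets an unusable string, and tooling that wants the score has to look for it in the wrong field. I would set this value to a weakness description (or `"n/a"`, as the other legacy records in this commit do) and carry the vector in the record's impact/CVSS data if the format version in use supports it. The hunk for CVE-2017-3551 has the same kind of problem: its `problemtype` value repeats several sentences of the description instead of naming a weakness.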
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97821" - }, - { - "name" : "1038292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97821" + }, + { + "name": "1038292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038292" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3873.json b/2017/3xxx/CVE-2017-3873.json index cedba60a8f8..e0d06c8a2e2 100644 --- a/2017/3xxx/CVE-2017-3873.json +++ b/2017/3xxx/CVE-2017-3873.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Aironet 1800, 2800, and 3800 Series Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Aironet 1800, 2800, and 3800 Series Access Points" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Aironet 1800, 2800, and 3800 Series Access Points", + "version": { + "version_data": [ + { + "version_value": "Cisco Aironet 1800, 2800, and 3800 Series Access Points" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme" - }, - { - "name" : "98296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98296" - }, - { - "name" : "1038394", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. 
If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038394", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038394" + }, + { + "name": "98296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98296" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6135.json b/2017/6xxx/CVE-2017-6135.json index 76851a35e5e..4b5ed8b6a98 100644 --- a/2017/6xxx/CVE-2017-6135.json +++ b/2017/6xxx/CVE-2017-6135.json 
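Review bot: The structured `affects` data does not match the description: `"vendor_name": "n/a"` although the product is a Cisco one and the assigner is psirt@cisco.com, and `"version_value"` repeats the product name while the description says the only vulnerable software version is 8.3.102.0. Automated matching against an asset inventory reads these fields, not the prose, so this record would neither match an affected access point nor exclude an unaffected release. Going by the description, I would expect `"vendor_name": "Cisco"` and `"version_value": "8.3.102.0"`; the exact vendor string should follow whatever the CNA uses in its other records.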
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-6135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-6135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K43322910", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K43322910" - }, - { - "name" : "1040050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K43322910", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K43322910" + }, + { + "name": "1040050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040050" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6849.json b/2017/6xxx/CVE-2017-6849.json index baf4e522c30..7241451e064 100644 --- a/2017/6xxx/CVE-2017-6849.json +++ b/2017/6xxx/CVE-2017-6849.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6930.json b/2017/6xxx/CVE-2017-6930.json index 867666d62db..2085841d4d7 100644 --- a/2017/6xxx/CVE-2017-6930.json +++ b/2017/6xxx/CVE-2017-6930.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@drupal.org", - "DATE_PUBLIC" : "2018-02-21T00:00:00", - "ID" : "CVE-2017-6930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drupal Core", - "version" : { - "version_data" : [ - { - "version_value" : "8.4.x versions before 8.4.5" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal.org" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records()." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Access bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", + "DATE_PUBLIC": "2018-02-21T00:00:00", + "ID": "CVE-2017-6930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_value": "8.4.x versions before 8.4.5" + } + ] + } + } + ] + }, + "vendor_name": "Drupal.org" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/sa-core-2018-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/sa-core-2018-001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/sa-core-2018-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/sa-core-2018-001" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7234.json b/2017/7xxx/CVE-2017-7234.json index ae06c5c7519..44bf82acf8b 100644 --- a/2017/7xxx/CVE-2017-7234.json 
+++ b/2017/7xxx/CVE-2017-7234.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/" - }, - { - "name" : "DSA-3835", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3835" - }, - { - "name" : "97401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97401" - }, - { - "name" : "1038177", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A maliciously crafted 
URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038177", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038177" + }, + { + "name": "97401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97401" + }, + { + "name": "DSA-3835", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3835" + }, + { + "name": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7487.json b/2017/7xxx/CVE-2017-7487.json index 68f49faa299..e4b71a90eab 100644 --- a/2017/7xxx/CVE-2017-7487.json +++ b/2017/7xxx/CVE-2017-7487.json 
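Review bot: The `reference_data` entries come out in a new order that follows no consistent key across files: this hunk happens to be ascending by `name`, but the CVE-2017-7487 hunk is ordered by none of `name`, `refsource` or `url`, so the same records may shuffle again on the next sync. Combined with the `"key" : value` to `"key": value` respacing, every line of each file is rewritten although no field value changes, which buries a real edit to an advisory for anyone who diffs this feed to detect one. I would have the exporter write the entries in one fixed order, for example sorted on `url`, and keep the final newline that the new side drops (`\ No newline at end of file`). The same applies to the hunks for CVE-2017-7487, CVE-2017-7488, CVE-2017-8373, CVE-2018-10493 and CVE-2018-13493.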
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel through 4.11.1", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel through 4.11.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "mishandles reference counts" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel through 4.11.1", + "version": { + "version_data": [ + { + "version_value": "Linux kernel through 4.11.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1447734", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1447734" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/757549/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/757549/" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "DSA-3886", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3886" - }, - { - "name" : "98439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98439" - }, - { - "name" : "1039237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "mishandles reference counts" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039237" + }, + { + "name": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "https://patchwork.ozlabs.org/patch/757549/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/757549/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80" + }, + { + "name": "98439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98439" + }, + { + "name": "DSA-3886", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3886" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7488.json b/2017/7xxx/CVE-2017-7488.json index 4489c667c7b..2923e39f32f 100644 --- a/2017/7xxx/CVE-2017-7488.json +++ b/2017/7xxx/CVE-2017-7488.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "authconfig", - "version" : { - "version_data" : [ - { - "version_value" : "6.2.8" - } - ] - } - } - ] - }, - "vendor_name" : "authconfig" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information exposure" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "authconfig", + "version": { + "version_data": [ + { + "version_value": "6.2.8" + } + ] + } + } + ] + }, + "vendor_name": "authconfig" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1441604", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1441604" - }, - { - "name" : "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master", - "refsource" : "CONFIRM", - "url" : "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master" - }, - { - "name" : "RHSA-2017:2285", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2285" - }, - { - "name" : "101784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master", + "refsource": "CONFIRM", + "url": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master" + }, + { + "name": "101784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101784" + }, + { + "name": "RHSA-2017:2285", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2285" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1441604", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441604" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8373.json b/2017/8xxx/CVE-2017-8373.json index 07cd95db6d6..aab6240cabd 100644 --- a/2017/8xxx/CVE-2017-8373.json +++ b/2017/8xxx/CVE-2017-8373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180518 [SECURITY] [DLA 1380-1] libmad security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/" - }, - { - "name" : "DSA-4192", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4192", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4192" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/" + }, + { + "name": "[debian-lts-announce] 20180518 [SECURITY] [DLA 1380-1] libmad security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10003.json b/2018/10xxx/CVE-2018-10003.json index 75b94e2eeca..2ecb36619f4 100644 --- a/2018/10xxx/CVE-2018-10003.json +++ b/2018/10xxx/CVE-2018-10003.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10003", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10003", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10369.json b/2018/10xxx/CVE-2018-10369.json index 78a1ff8fee6..82892e6bdf6 100644 --- a/2018/10xxx/CVE-2018-10369.json +++ b/2018/10xxx/CVE-2018-10369.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e", - "refsource" : "MISC", - "url" : "https://medium.com/@julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e", + "refsource": "MISC", + "url": "https://medium.com/@julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10493.json b/2018/10xxx/CVE-2018-10493.json index 167323135b0..fda5e6679e6 100644 --- a/2018/10xxx/CVE-2018-10493.json +++ b/2018/10xxx/CVE-2018-10493.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Final Maximum Resolution attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5426." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-403", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-403" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Final Maximum Resolution attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5426." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-403", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-403" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10550.json b/2018/10xxx/CVE-2018-10550.json index 01d6435b696..d310c48a72b 100644 --- a/2018/10xxx/CVE-2018-10550.json +++ b/2018/10xxx/CVE-2018-10550.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OctopusDeploy/Issues/issues/4454", - "refsource" : "CONFIRM", - "url" : "https://github.com/OctopusDeploy/Issues/issues/4454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OctopusDeploy/Issues/issues/4454", + "refsource": "CONFIRM", + "url": "https://github.com/OctopusDeploy/Issues/issues/4454" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13365.json b/2018/13xxx/CVE-2018-13365.json index c14775deac7..595bee4380b 100644 --- a/2018/13xxx/CVE-2018-13365.json +++ b/2018/13xxx/CVE-2018-13365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13493.json b/2018/13xxx/CVE-2018-13493.json index 3bfed46df32..99cd89e71e0 100644 --- a/2018/13xxx/CVE-2018-13493.json +++ b/2018/13xxx/CVE-2018-13493.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DaddyToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DaddyToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has 
an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DaddyToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DaddyToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17166.json b/2018/17xxx/CVE-2018-17166.json index 4ac3ee8669b..bb1ef832e32 100644 --- a/2018/17xxx/CVE-2018-17166.json +++ b/2018/17xxx/CVE-2018-17166.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17537.json b/2018/17xxx/CVE-2018-17537.json index efd91ad12b9..ca669af68e9 100644 --- a/2018/17xxx/CVE-2018-17537.json +++ b/2018/17xxx/CVE-2018-17537.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17713.json b/2018/17xxx/CVE-2018-17713.json index b08ed0c785c..223f6dc6bbd 100644 --- a/2018/17xxx/CVE-2018-17713.json +++ b/2018/17xxx/CVE-2018-17713.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17902.json b/2018/17xxx/CVE-2018-17902.json index 0428f08b496..06603edf514 100644 --- a/2018/17xxx/CVE-2018-17902.json +++ b/2018/17xxx/CVE-2018-17902.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-28T00:00:00", - "ID" : "CVE-2018-17902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500", - "version" : { - "version_data" : [ - { - "version_value" : "All versions R4.10 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Yokogawa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SESSION FIXATION CWE-384" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-28T00:00:00", + "ID": "CVE-2018-17902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500", + "version": { + "version_data": [ + { + "version_value": "All versions R4.10 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Yokogawa" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03" - }, - { - "name" : "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf", - "refsource" : "CONFIRM", - "url" : "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SESSION FIXATION CWE-384" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf", + "refsource": "CONFIRM", + "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20270.json b/2018/20xxx/CVE-2018-20270.json index e61ec8d8a61..dc1b31eb33e 100644 --- a/2018/20xxx/CVE-2018-20270.json +++ b/2018/20xxx/CVE-2018-20270.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20574.json b/2018/20xxx/CVE-2018-20574.json index 621d708f3ae..af8974d9c27 100644 --- a/2018/20xxx/CVE-2018-20574.json +++ b/2018/20xxx/CVE-2018-20574.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jbeder/yaml-cpp/issues/654", - "refsource" : "MISC", - "url" : "https://github.com/jbeder/yaml-cpp/issues/654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jbeder/yaml-cpp/issues/654", + "refsource": "MISC", + "url": "https://github.com/jbeder/yaml-cpp/issues/654" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9384.json b/2018/9xxx/CVE-2018-9384.json index 975442ec483..c27ae8f8586 100644 --- a/2018/9xxx/CVE-2018-9384.json +++ b/2018/9xxx/CVE-2018-9384.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9384", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9384", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9527.json b/2018/9xxx/CVE-2018-9527.json index e6971c17dc0..17ac8de3938 100644 --- a/2018/9xxx/CVE-2018-9527.json +++ b/2018/9xxx/CVE-2018-9527.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "105865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105865" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9975.json b/2018/9xxx/CVE-2018-9975.json index 1cae6ea9e49..86a1f332456 100644 --- a/2018/9xxx/CVE-2018-9975.json +++ b/2018/9xxx/CVE-2018-9975.json 
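Review bot: The `problemtype` entry on the new side of CVE-2018-9527.json still reads `"value": "Remote code execution"`, which names an impact rather than a weakness class. The description in the same record attributes the issue to an out-of-bounds write from a missing bounds check in `vorbis_book_decodev_set`, so tooling that groups or prioritises records by CWE cannot classify this one. If the assigning CNA agrees, the value could become `"value": "CWE-787 Out-of-bounds Write"`. The only substantive edit in this hunk is `ASSIGNER` moving from `security@google.com` to `security@android.com`, so consumers that key on the assigner address should expect the record under a different identity; the remaining changed lines are key spacing and reference order.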
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-359", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-359" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-359", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-359" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file