From 7e2be8c6b5f07930ba2b3e16a5206d4dd7c6026c Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 07:07:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/1xxx/CVE-2002-1325.json | 130 +++++++--------
2002/1xxx/CVE-2002-1419.json | 140 ++++++++--------
2002/1xxx/CVE-2002-1711.json | 150 ++++++++---------
2002/1xxx/CVE-2002-1998.json | 150 ++++++++---------
2003/0xxx/CVE-2003-0237.json | 160 +++++++++---------
2003/0xxx/CVE-2003-0592.json | 170 +++++++++----------
2003/0xxx/CVE-2003-0648.json | 190 ++++++++++-----------
2003/0xxx/CVE-2003-0748.json | 140 ++++++++--------
2003/1xxx/CVE-2003-1029.json | 230 +++++++++++++-------------
2003/1xxx/CVE-2003-1344.json | 150 ++++++++---------
2003/1xxx/CVE-2003-1453.json | 150 ++++++++---------
2003/1xxx/CVE-2003-1544.json | 200 +++++++++++------------
2004/2xxx/CVE-2004-2176.json | 130 +++++++--------
2004/2xxx/CVE-2004-2449.json | 170 +++++++++----------
2004/2xxx/CVE-2004-2590.json | 170 +++++++++----------
2004/2xxx/CVE-2004-2682.json | 120 +++++++-------
2008/2xxx/CVE-2008-2572.json | 150 ++++++++---------
2008/2xxx/CVE-2008-2768.json | 160 +++++++++---------
2012/0xxx/CVE-2012-0286.json | 140 ++++++++--------
2012/0xxx/CVE-2012-0690.json | 130 +++++++--------
2012/0xxx/CVE-2012-0935.json | 140 ++++++++--------
2012/0xxx/CVE-2012-0969.json | 34 ++--
2012/1xxx/CVE-2012-1119.json | 250 ++++++++++++++--------------
2012/1xxx/CVE-2012-1344.json | 130 +++++++--------
2012/5xxx/CVE-2012-5033.json | 34 ++--
2012/5xxx/CVE-2012-5055.json | 120 +++++++-------
2012/5xxx/CVE-2012-5352.json | 150 ++++++++---------
2012/5xxx/CVE-2012-5454.json | 150 ++++++++---------
2012/5xxx/CVE-2012-5672.json | 120 +++++++-------
2012/5xxx/CVE-2012-5694.json | 160 +++++++++---------
2012/5xxx/CVE-2012-5963.json | 260 ++++++++++++++---------------
2017/3xxx/CVE-2017-3164.json | 132 +++++++--------
2017/3xxx/CVE-2017-3476.json | 166 +++++++++----------
2017/3xxx/CVE-2017-3553.json | 142 ++++++++--------
2017/3xxx/CVE-2017-3665.json | 34 ++--
2017/3xxx/CVE-2017-3828.json | 140 ++++++++--------
2017/6xxx/CVE-2017-6641.json | 130 +++++++--------
2017/6xxx/CVE-2017-6722.json | 140 ++++++++--------
2017/6xxx/CVE-2017-6806.json | 34 ++--
2017/7xxx/CVE-2017-7466.json | 210 ++++++++++++------------
2017/7xxx/CVE-2017-7591.json | 130 +++++++--------
2017/7xxx/CVE-2017-7764.json | 266 +++++++++++++++---------------
2017/7xxx/CVE-2017-7980.json | 290 ++++++++++++++++-----------------
2017/8xxx/CVE-2017-8295.json | 170 +++++++++----------
2017/8xxx/CVE-2017-8498.json | 130 +++++++--------
2017/8xxx/CVE-2017-8917.json | 160 +++++++++---------
2018/10xxx/CVE-2018-10235.json | 120 +++++++-------
2018/10xxx/CVE-2018-10300.json | 120 +++++++-------
2018/10xxx/CVE-2018-10315.json | 34 ++--
2018/10xxx/CVE-2018-10349.json | 34 ++--
2018/10xxx/CVE-2018-10542.json | 34 ++--
2018/13xxx/CVE-2018-13152.json | 34 ++--
2018/13xxx/CVE-2018-13270.json | 34 ++--
2018/17xxx/CVE-2018-17243.json | 120 +++++++-------
2018/17xxx/CVE-2018-17271.json | 34 ++--
2018/17xxx/CVE-2018-17719.json | 34 ++--
2018/17xxx/CVE-2018-17855.json | 140 ++++++++--------
2018/17xxx/CVE-2018-17997.json | 58 +------
2018/20xxx/CVE-2018-20397.json | 130 +++++++--------
2018/9xxx/CVE-2018-9105.json | 120 +++++++-------
2018/9xxx/CVE-2018-9690.json | 34 ++--
2018/9xxx/CVE-2018-9705.json | 34 ++--
2018/9xxx/CVE-2018-9952.json | 130 +++++++--------
63 files changed, 4071 insertions(+), 4125 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1325.json b/2002/1xxx/CVE-2002-1325.json
index dcf9249d8f1..3541fdd49ff 100644
--- a/2002/1xxx/CVE-2002-1325.json
+++ b/2002/1xxx/CVE-2002-1325.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka \"User.dir Exposure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069" - }, - { - "name" : "6380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka \"User.dir Exposure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { 
+ "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069" + }, + { + "name": "6380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6380" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1419.json b/2002/1xxx/CVE-2002-1419.json index 92f95b3115b..36644810438 100644 --- a/2002/1xxx/CVE-2002-1419.json +++ b/2002/1xxx/CVE-2002-1419.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020805-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I" - }, - { - "name" : "5467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5467" - }, - { - "name" : "irix-origin-bypass-filtering(9868)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9868.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "irix-origin-bypass-filtering(9868)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9868.php" + }, + { + "name": "20020805-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I" + }, + { + "name": "5467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5467" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1711.json b/2002/1xxx/CVE-2002-1711.json index f9e0493aea8..57a521baa73 100644 --- a/2002/1xxx/CVE-2002-1711.json +++ b/2002/1xxx/CVE-2002-1711.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020618 BasiliX multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/277710" - }, - { - "name" : "20020619 [VulnWatch] BasiliX multiple vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html" - }, - { - "name" : "basilix-webmail-view-attachments(9387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387" - }, - { - "name" : "5065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BasiliX 1.1.0 saves attachments in a world 
readable /tmp/BasiliX directory, which allows local users to read other users' attachments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "basilix-webmail-view-attachments(9387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9387" + }, + { + "name": "20020619 [VulnWatch] BasiliX multiple vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html" + }, + { + "name": "5065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5065" + }, + { + "name": "20020618 BasiliX multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/277710" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1998.json b/2002/1xxx/CVE-2002-1998.json index bc6f168183f..a6229b96ae7 100644 --- a/2002/1xxx/CVE-2002-1998.json +++ b/2002/1xxx/CVE-2002-1998.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020110 Unixware 7.1.1 rpc.cmsd remote exploit code.", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0127.html" - }, - { - "name" : "20020110 Re: Unixware 7.1.1 rpc.cmsd remote exploit code.", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0129.html" - }, - { - "name" : "CSSA-2002-SCO.12", - "refsource" : "CALDERA", - "url" : "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.12/CSSA-2002-SCO.12.txt" - }, - { - "name" : "openunix-unixware-rpccmsd-bo(8597)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8597.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2002-SCO.12", + "refsource": "CALDERA", + "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.12/CSSA-2002-SCO.12.txt" + }, + { + "name": "openunix-unixware-rpccmsd-bo(8597)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8597.php" + }, + { + "name": "20020110 Unixware 7.1.1 rpc.cmsd remote exploit code.", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0127.html" + }, + { + "name": "20020110 Re: Unixware 7.1.1 rpc.cmsd remote exploit code.", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0129.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0237.json b/2003/0xxx/CVE-2003-0237.json index be2abc6c8c9..0ef36f6555d 100644 --- a/2003/0xxx/CVE-2003-0237.json +++ b/2003/0xxx/CVE-2003-0237.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"ICQ Features on Demand\" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html" - }, - { - "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10" - }, - { - "name" : "7464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7464" - }, - { - "name" : 
"icq-features-no-auth(11944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"ICQ Features on Demand\" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10" + }, + { + "name": "icq-features-no-auth(11944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11944" + }, + { + "name": "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105216842131995&w=2" + }, + { + "name": "7464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7464" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0592.json b/2003/0xxx/CVE-2003-0592.json index e67a21ff609..fd06ac9f44a 100644 --- a/2003/0xxx/CVE-2003-0592.json +++ b/2003/0xxx/CVE-2003-0592.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" - }, - { - "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" - }, - { - "name" : "RHSA-2004:074", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2004-074.html" - }, - { - "name" : "DSA-459", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-459" - }, - { - "name" : "MDKSA-2004:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:022" - }, - { - "name" : "oval:org.mitre.oval:def:823", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" + }, + { + "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" + }, + { + "name": "DSA-459", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-459" + }, + { + "name": "oval:org.mitre.oval:def:823", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823" + }, + { + "name": "RHSA-2004:074", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-074.html" + }, + { + "name": "MDKSA-2004:022", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:022" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0648.json b/2003/0xxx/CVE-2003-0648.json index f042706d4e4..de642121257 100644 --- a/2003/0xxx/CVE-2003-0648.json +++ b/2003/0xxx/CVE-2003-0648.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-472", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-472" - }, - { - "name" : "VU#354838", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/354838" - }, - { - "name" : "VU#900964", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/900964" - }, - { - "name" : "10041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10041" - }, - { - "name" : "1009655", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009655" - }, - { - "name" : "1009656", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009656" - }, - { - "name" : "11290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11290" - }, - { - "name" : "ftetexteditor-vfte-bo(15726)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11290" + }, + { + "name": "10041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10041" + }, + { + "name": "VU#900964", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/900964" + }, + { + "name": "1009655", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009655" + }, + { + "name": "1009656", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009656" + }, + { + "name": "VU#354838", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/354838" + }, + { + "name": "DSA-472", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-472" + }, + { + "name": "ftetexteditor-vfte-bo(15726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15726" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0748.json b/2003/0xxx/CVE-2003-0748.json index d6ff939c98e..29e8403b20a 100644 --- a/2003/0xxx/CVE-2003-0748.json +++ b/2003/0xxx/CVE-2003-0748.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030830 SAP Internet Transaction Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html" - }, - { - "name" : "its-wgatedll-directory-traversal(13066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13066" - }, - { - "name" : "8516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030830 SAP Internet Transaction Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html" + }, + { + "name": "8516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8516" + }, + { + "name": "its-wgatedll-directory-traversal(13066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13066" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1029.json b/2003/1xxx/CVE-2003-1029.json index 2cf8bd61210..952911082d2 100644 --- a/2003/1xxx/CVE-2003-1029.json +++ b/2003/1xxx/CVE-2003-1029.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031220 Remote crash in tcpdump from OpenBSD", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107193841728533&w=2" - }, - { - "name" : "20031221 Re: Remote crash in tcpdump from OpenBSD", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107213553214985&w=2" - }, - { - "name" : "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/350238/30/21640/threaded" - }, - { - "name" : "[tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2" - }, - { - "name" : "DSA-425", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-425" - }, - { - "name" : "ESA-20040119-002", - "refsource" : "ENGARDE", - "url" : "http://lwn.net/Alerts/66805/" - }, - { - "name" : "MDKSA-2004:008", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008" - }, - { - "name" : "1008748", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008748" - }, - { - "name" : "10636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10636" - }, - { - "name" : "10652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10652" - }, - { - "name" : "10668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10668" - }, - { - "name" : "10718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10718" + }, + { + "name": "10668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10668" + }, + { + "name": "[tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets", + "refsource": "MLIST", + "url": "http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2" + }, + { + "name": "10636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10636" + }, + { + "name": "1008748", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008748" + }, + { + "name": "ESA-20040119-002", + "refsource": "ENGARDE", + "url": "http://lwn.net/Alerts/66805/" + }, + { + "name": "MDKSA-2004:008", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008" + }, + { + "name": "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/350238/30/21640/threaded" + }, + { + "name": "DSA-425", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-425" + }, + { + "name": "10652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10652" + }, + { + "name": "20031221 Re: Remote crash in tcpdump from OpenBSD", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107213553214985&w=2" + }, + { + "name": "20031220 Remote crash in tcpdump from OpenBSD", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107193841728533&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1344.json b/2003/1xxx/CVE-2003-1344.json index db2ee223b18..e6a7f67b625 100644 --- a/2003/1xxx/CVE-2003-1344.json +++ b/2003/1xxx/CVE-2003-1344.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to \"selects1\", which returns log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html" - }, - { - "name" : "6618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6618" - }, - { - "name" : "7881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7881" - }, - { - "name" : "trend-vcs-weak-encryption(11063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to \"selects1\", which returns log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7881" + }, + { + "name": "trend-vcs-weak-encryption(11063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11063" + }, + { + "name": "6618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6618" + }, + { + "name": "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1453.json b/2003/1xxx/CVE-2003-1453.json index f18ad7b9491..dcd2f57b033 100644 --- a/2003/1xxx/CVE-2003-1453.json +++ b/2003/1xxx/CVE-2003-1453.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030425 XOOPS MyTextSanitizer CSS 1.3x & 2.x", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/319715" - }, - { - "name" : "7434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7434" - }, - { - "name" : "3269", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3269" - }, - { - "name" : "xoops-mytextsanitizer-xss(11872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030425 XOOPS MyTextSanitizer CSS 1.3x & 2.x", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/319715" + }, + { + "name": "xoops-mytextsanitizer-xss(11872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11872" + }, + { + "name": "7434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7434" + }, + { + "name": "3269", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3269" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1544.json b/2003/1xxx/CVE-2003-1544.json index 557982b114b..142ad937cc5 100644 --- a/2003/1xxx/CVE-2003-1544.json +++ b/2003/1xxx/CVE-2003-1544.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030123 DoS attack on Windows 2000 Terminal Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/308059" - }, - { - "name" : "20030124 RE: DoS attack on Windows 2000 Terminal Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/308164" - }, - { - "name" : "815225", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/815225/en-us" - }, - { - "name" : "6672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6672" - }, - { - "name" : "1005986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005986" - }, - { - "name" : "7959", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/7959" - }, - { - "name" : "3654", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3654" - }, - { - "name" : "win2k-terminal-msgina-dos(11141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11141" - }, - { - "name" : "win2k-terminal-msgina-permissions(11816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "815225", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/815225/en-us" + }, + { + "name": "win2k-terminal-msgina-dos(11141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11141" + }, + { + "name": "1005986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005986" + }, + { + "name": "3654", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3654" + }, + { + "name": "7959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7959" + }, + { + "name": "6672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6672" + }, + { + "name": "win2k-terminal-msgina-permissions(11816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11816" + }, + { + "name": "20030123 DoS attack on Windows 2000 Terminal Server", + "refsource": 
"BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/308059" + }, + { + "name": "20030124 RE: DoS attack on Windows 2000 Terminal Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/308164" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2176.json b/2004/2xxx/CVE-2004-2176.json index 7fb6ffd80ba..a55d37f216e 100644 --- a/2004/2xxx/CVE-2004-2176.json +++ b/2004/2xxx/CVE-2004-2176.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041012 Writing Trojans that bypass Windows XP Service Pack 2 Firewall", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/378508" - }, - { - "name" : "11410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11410" + }, + { + "name": "20041012 Writing Trojans that bypass Windows XP Service Pack 2 Firewall", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/378508" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2449.json b/2004/2xxx/CVE-2004-2449.json index af30295879d..1136d0fa2db 100644 --- a/2004/2xxx/CVE-2004-2449.json +++ b/2004/2xxx/CVE-2004-2449.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040331 RogerWilco: new funny bugs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/wilco-again-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/wilco-again-adv.txt" - }, - { - "name" : "10022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10022" - }, - { - "name" : "4833", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4833" - }, - { - "name" : "11270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11270" - }, - { - "name" : "roger-wilco-udp-dos(15716)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040331 RogerWilco: new funny bugs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html" + }, + { + "name": "roger-wilco-udp-dos(15716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15716" + }, + { + "name": "http://aluigi.altervista.org/adv/wilco-again-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/wilco-again-adv.txt" + }, + { + "name": "4833", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4833" + }, + { + "name": "10022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10022" + }, + { + "name": "11270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11270" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2590.json b/2004/2xxx/CVE-2004-2590.json index a672ae18eb0..acfc4f5c210 100644 --- a/2004/2xxx/CVE-2004-2590.json +++ b/2004/2xxx/CVE-2004-2590.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://prdownloads.sourceforge.net/cphplib/cphplib-0.47.tar.gz?download", - "refsource" : "CONFIRM", - "url" : "http://prdownloads.sourceforge.net/cphplib/cphplib-0.47.tar.gz?download" - }, - { - "name" : "http://www.meindlsoft.com/cphplib_changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.meindlsoft.com/cphplib_changelog.php" - }, - { - "name" : "11062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11062" - }, - { - "name" : "9224", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9224" - }, - { - "name" : "1011076", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011076" - }, - { - "name" : "cphplib-parameter-improper-validation(17145)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://prdownloads.sourceforge.net/cphplib/cphplib-0.47.tar.gz?download", + "refsource": "CONFIRM", + "url": "http://prdownloads.sourceforge.net/cphplib/cphplib-0.47.tar.gz?download" + }, + { + "name": "11062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11062" + }, + { + "name": "1011076", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011076" + }, + { + "name": "cphplib-parameter-improper-validation(17145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17145" + }, + { + "name": "9224", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9224" + }, + { + "name": "http://www.meindlsoft.com/cphplib_changelog.php", + "refsource": "CONFIRM", + "url": "http://www.meindlsoft.com/cphplib_changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2682.json b/2004/2xxx/CVE-2004-2682.json index 7978682fe56..957e13ff99b 100644 --- a/2004/2xxx/CVE-2004-2682.json +++ b/2004/2xxx/CVE-2004-2682.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal), a related issue to CVE-2003-0147." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.matrixssl.org/archives/000075.html", - "refsource" : "CONFIRM", - "url" : "http://www.matrixssl.org/archives/000075.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery 
reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal), a related issue to CVE-2003-0147." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.matrixssl.org/archives/000075.html", + "refsource": "CONFIRM", + "url": "http://www.matrixssl.org/archives/000075.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2572.json b/2008/2xxx/CVE-2008-2572.json index 02879f38f22..191b1c5b908 100644 --- a/2008/2xxx/CVE-2008-2572.json +++ b/2008/2xxx/CVE-2008-2572.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080529 Flash Blog Sql Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492748/100/0/threaded" - }, - { - "name" : "5685", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5685" - }, - { - "name" : "3927", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3927" - }, - { - "name" : "flashblog-leercomentarios-sql-injection(43040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows 
remote attackers to execute arbitrary SQL commands via the articulo_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flashblog-leercomentarios-sql-injection(43040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43040" + }, + { + "name": "20080529 Flash Blog Sql Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492748/100/0/threaded" + }, + { + "name": "5685", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5685" + }, + { + "name": "3927", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3927" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2768.json b/2008/2xxx/CVE-2008-2768.json index 3b62607f69a..e69710bd480 100644 --- a/2008/2xxx/CVE-2008-2768.json +++ b/2008/2xxx/CVE-2008-2768.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors (\"all fields\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2" - }, - { - "name" : "http://bugreport.ir/index.php?/41", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/41" - }, - { - "name" : "29672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29672" - }, - { - "name" : "3950", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3950" - }, - { - "name" : "absolutepoll-search-xss(43054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43054" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors (\"all fields\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "absolutepoll-search-xss(43054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43054" + }, + { + "name": "http://bugreport.ir/index.php?/41", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/41" + }, + { + "name": "29672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29672" + }, + { + "name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2" + }, + { + "name": "3950", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3950" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0286.json b/2012/0xxx/CVE-2012-0286.json index 0151cfaffc1..fb03a45d3a0 100644 --- a/2012/0xxx/CVE-2012-0286.json +++ b/2012/0xxx/CVE-2012-0286.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html" - }, - { - "name" : "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf" - }, - { - "name" : "http://www.stone-ware.com/swql.jsp?kb=d1960", - "refsource" : "CONFIRM", - "url" : "http://www.stone-ware.com/swql.jsp?kb=d1960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request 
forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html" + }, + { + "name": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf", + "refsource": "CONFIRM", + "url": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf" + }, + { + "name": "http://www.stone-ware.com/swql.jsp?kb=d1960", + "refsource": "CONFIRM", + "url": "http://www.stone-ware.com/swql.jsp?kb=d1960" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0690.json b/2012/0xxx/CVE-2012-0690.json index 50d5bd2f8c8..e2d4173d063 100644 --- a/2012/0xxx/CVE-2012-0690.json +++ b/2012/0xxx/CVE-2012-0690.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp" + }, + { + "name": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0935.json b/2012/0xxx/CVE-2012-0935.json index a1d0676be2b..8e655c220f9 100644 --- a/2012/0xxx/CVE-2012-0935.json +++ b/2012/0xxx/CVE-2012-0935.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18405", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18405" - }, - { - "name" : "51627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51627" - }, - { - "name" : "aryadad-default-sql-injection(72639)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aryadad-default-sql-injection(72639)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72639" + }, + { + "name": "51627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51627" + }, + { + "name": "18405", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18405" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0969.json b/2012/0xxx/CVE-2012-0969.json index 9ce5748356e..a37b7a87117 100644 --- a/2012/0xxx/CVE-2012-0969.json +++ b/2012/0xxx/CVE-2012-0969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0969", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-0969", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1119.json b/2012/1xxx/CVE-2012-1119.json index 9a5eb4da2a3..6d223c02abb 100644 --- a/2012/1xxx/CVE-2012-1119.json +++ b/2012/1xxx/CVE-2012-1119.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/9" - }, - { - "name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=140", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=140" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=13816", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=13816" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/cf5df427f17cf9204645f83e000665780eb9afe6", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/cf5df427f17cf9204645f83e000665780eb9afe6" - }, - { - "name" : 
"https://github.com/mantisbt/mantisbt/commit/dea7e315f3fc96dfa995e56e8810845fc07a47aa", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/dea7e315f3fc96dfa995e56e8810845fc07a47aa" - }, - { - "name" : "DSA-2500", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2500" - }, - { - "name" : "FEDORA-2012-18273", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html" - }, - { - "name" : "FEDORA-2012-18294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html" - }, - { - "name" : "FEDORA-2012-18299", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html" - }, - { - "name" : "GLSA-201211-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml" - }, - { - "name" : "52313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52313" - }, - { - "name" : "48258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48258" - }, - { - "name" : "49572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49572" - }, - { - "name" : "51199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52313" + }, + { + "name": "FEDORA-2012-18299", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html" + }, + { + "name": "DSA-2500", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2500" + }, + { + "name": "GLSA-201211-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=13816", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=13816" + }, + { + "name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=140", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=140" + }, + { + "name": "49572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49572" + }, + { + "name": "51199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51199" + }, + { + "name": "FEDORA-2012-18294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html" + }, + { + "name": "[oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/9" + }, + { + "name": "FEDORA-2012-18273", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html" + }, + { + "name": "48258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48258" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/dea7e315f3fc96dfa995e56e8810845fc07a47aa", + "refsource": "CONFIRM", + "url": 
"https://github.com/mantisbt/mantisbt/commit/dea7e315f3fc96dfa995e56e8810845fc07a47aa" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/cf5df427f17cf9204645f83e000665780eb9afe6", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/cf5df427f17cf9204645f83e000665780eb9afe6" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1344.json b/2012/1xxx/CVE-2012-1344.json index ccd2b5ad63f..255b509c1c8 100644 --- a/2012/1xxx/CVE-2012-1344.json +++ b/2012/1xxx/CVE-2012-1344.json 
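Review bot: The `"ASSIGNER"` value for CVE-2012-1119 changes from `cve@mitre.org` to `secalert@redhat.com`, and the commit description does not mention it. Every other line of the hunk is rewritten for colon spacing and indentation, and `reference_data` is reordered with what looks like the same 14 entries, so this one attribution change is easy to miss. The CVE-2012-1344 hunk does the same with `psirt@cisco.com`. I would add a line to the description such as `ASSIGNER updated: CVE-2012-1119 -> secalert@redhat.com, CVE-2012-1344 -> psirt@cisco.com`, or land the reformat and the field changes as separate commits. Consumers that track record provenance should compare the parsed JSON rather than the text diff, since a line diff marks nearly every line as changed.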
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html" - }, - { - "name" : "1027371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN 
portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html" + }, + { + "name": "1027371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027371" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5033.json b/2012/5xxx/CVE-2012-5033.json index 69626b06a70..29ffcd134e2 100644 --- a/2012/5xxx/CVE-2012-5033.json +++ b/2012/5xxx/CVE-2012-5033.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5033", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5033", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5055.json b/2012/5xxx/CVE-2012-5055.json index 106c5adf003..6aa0264cd4f 100644 --- a/2012/5xxx/CVE-2012-5055.json 
+++ b/2012/5xxx/CVE-2012-5055.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.springsource.com/security/CVE-2012-5055", - "refsource" : "CONFIRM", - "url" : "http://support.springsource.com/security/CVE-2012-5055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of 
login requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.springsource.com/security/CVE-2012-5055", + "refsource": "CONFIRM", + "url": "http://support.springsource.com/security/CVE-2012-5055" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5352.json b/2012/5xxx/CVE-2012-5352.json index ac49cd978c9..49f50fc0cf2 100644 --- a/2012/5xxx/CVE-2012-5352.json +++ b/2012/5xxx/CVE-2012-5352.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", - "refsource" : "MISC", - "url" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=865169", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=865169" - }, - { - "name" : "55892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55892" - }, - { - "name" : "josso-signature-security-bypass(79241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=865169", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169" + }, + { + "name": "55892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55892" + }, + { + "name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", + "refsource": "MISC", + "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" + }, + { + "name": "josso-signature-security-bypass(79241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5454.json b/2012/5xxx/CVE-2012-5454.json index 299af600c27..e01ae0794d1 100644 --- a/2012/5xxx/CVE-2012-5454.json +++ b/2012/5xxx/CVE-2012-5454.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23117", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23117" - }, - { - "name" : "56237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56237" - }, - { - "name" : "86428", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86428" - }, - { - "name" : "51034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not 
properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86428", + "refsource": "OSVDB", + "url": "http://osvdb.org/86428" + }, + { + "name": "56237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56237" + }, + { + "name": "51034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51034" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23117", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23117" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5672.json b/2012/5xxx/CVE-2012-5672.json index c80c004269a..45a6f819d3c 100644 --- a/2012/5xxx/CVE-2012-5672.json +++ b/2012/5xxx/CVE-2012-5672.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 Microsoft Office Excel ReadAV Arbitrary Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/524379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121010 Microsoft Office Excel ReadAV Arbitrary Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/524379" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5694.json b/2012/5xxx/CVE-2012-5694.json index 198ab13968d..ba118061996 100644 --- a/2012/5xxx/CVE-2012-5694.json +++ b/2012/5xxx/CVE-2012-5694.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/georgiaweidman/statuses/269138431567855618", - "refsource" : "MISC", - "url" : "https://twitter.com/georgiaweidman/statuses/269138431567855618" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23123", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23123" - }, - { - "name" : "87324", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87324" - }, - { - "name" : "87325", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87325" - }, - { - "name" : "51414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) 
takePic.pl, or (20) CSAttack.pl in frameworkgui/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87325", + "refsource": "OSVDB", + "url": "http://osvdb.org/87325" + }, + { + "name": "51414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51414" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23123", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23123" + }, + { + "name": "87324", + "refsource": "OSVDB", + "url": "http://osvdb.org/87324" + }, + { + "name": "https://twitter.com/georgiaweidman/statuses/269138431567855618", + "refsource": "MISC", + "url": "https://twitter.com/georgiaweidman/statuses/269138431567855618" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5963.json b/2012/5xxx/CVE-2012-5963.json index 1b6e5882925..e24dbab8e22 100644 --- a/2012/5xxx/CVE-2012-5963.json +++ b/2012/5xxx/CVE-2012-5963.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-5963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" - }, - { - "name" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" - }, - { - "name" : 
"https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" - }, - { - "name" : "http://pupnp.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://pupnp.sourceforge.net/ChangeLog" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037" - }, - { - "name" : "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp" - }, - { - "name" : "DSA-2614", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2614" - }, - { - "name" : "DSA-2615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2615" - }, - { - "name" : "MDVSA-2013:098", - 
"refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098" - }, - { - "name" : "VU#922681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/922681" - }, - { - "name" : "57602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp" + }, + { + "name": "MDVSA-2013:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf" + }, + { + "name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", + "refsource": "MISC", + "url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", + "refsource": "CONFIRM", + 
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf" + }, + { + "name": "DSA-2615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2615" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf" + }, + { + "name": "DSA-2614", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2614" + }, + { + "name": "57602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57602" + }, + { + "name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", + "refsource": "MISC", + "url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" + }, + { + "name": "http://pupnp.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://pupnp.sourceforge.net/ChangeLog" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" + }, + { + "name": "VU#922681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/922681" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037" + } + ] + } +} \ No newline at end of file 
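Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this record, the only value change among the records fully visible in this part of the commit. The rest of the hunk is key spacing, indentation and a reshuffled `reference_data` array. Because the whole file is rewritten and the references come out in a different order with no apparent sort key, this attribution change is easy to miss without a semantic JSON comparison. Whether the reassignment is intended cannot be told from the diff, so the commit message should state it. Emitting `reference_data` in a stable order (for example by `refsource`, then `name`) would keep later syncs reviewable.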
diff --git a/2017/3xxx/CVE-2017-3164.json b/2017/3xxx/CVE-2017-3164.json
index 4a1195578ac..f89a47d373f 100644
--- a/2017/3xxx/CVE-2017-3164.json
+++ b/2017/3xxx/CVE-2017-3164.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2019-02-12T00:00:00", - "ID" : "CVE-2017-3164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Solr", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Solr 1.3.0 to 1.4.1, 3.1.0 to 3.6.2, 4.0.0 to 4.10.4, 5.0.0 to 5.5.5, 6.0.0 to 6.6.5, 7.0.0 to 7.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the \"shards\" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2019-02-12T00:00:00", + "ID": "CVE-2017-3164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Solr", + "version": { + "version_data": [ + { + "version_value": "Apache Solr 1.3.0 to 1.4.1, 3.1.0 to 3.6.2, 4.0.0 to 4.10.4, 5.0.0 to 5.5.5, 6.0.0 to 6.6.5, 7.0.0 to 7.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[www-announce] 20190212 [SECURITY] CVE-2017-3164 SSRF issue in Apache Solr", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E" - }, - { - 
"name" : "107026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the \"shards\" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server Side Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107026" + }, + { + "name": "[www-announce] 20190212 [SECURITY] CVE-2017-3164 SSRF issue in Apache Solr", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3476.json b/2017/3xxx/CVE-2017-3476.json index 3a8560c3031..48fb7fb3fe3 100644 --- a/2017/3xxx/CVE-2017-3476.json +++ b/2017/3xxx/CVE-2017-3476.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Private Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.0.0" - }, - { - "version_affected" : "=", - "version_value" : "2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "2.2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.2.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97738" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97738" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3553.json b/2017/3xxx/CVE-2017-3553.json index 90740bc3344..9965a5557da 100644 --- a/2017/3xxx/CVE-2017-3553.json +++ b/2017/3xxx/CVE-2017-3553.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97728" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. 
While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97728" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3665.json b/2017/3xxx/CVE-2017-3665.json index b0c2cdd457e..b8f08c50b61 100644 --- a/2017/3xxx/CVE-2017-3665.json +++ b/2017/3xxx/CVE-2017-3665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/3xxx/CVE-2017-3828.json b/2017/3xxx/CVE-2017-3828.json
index e48aada588b..598e5bb8bed 100644
--- a/2017/3xxx/CVE-2017-3828.json
+++ b/2017/3xxx/CVE-2017-3828.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1" - }, - { - "name" : "96240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96240" - }, - { - "name" : "1037839", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037839", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037839" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1" + }, + { + "name": "96240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96240" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6641.json b/2017/6xxx/CVE-2017-6641.json index a8a13987249..f39a8cb6290 100644 --- a/2017/6xxx/CVE-2017-6641.json +++ b/2017/6xxx/CVE-2017-6641.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6641",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Remote Expert Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Remote Expert Manager"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-399"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6641",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Remote Expert Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Remote Expert Manager"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1"
- },
- {
- "name" : "98532",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98532"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-399"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "98532",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98532"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6722.json b/2017/6xxx/CVE-2017-6722.json
index 9b3eebc44f0..43bebc5ecc2 100644
--- a/2017/6xxx/CVE-2017-6722.json
+++ b/2017/6xxx/CVE-2017-6722.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6722",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Unified Contact Center Express",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Unified Contact Center Express"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Clear Text Authentication Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6722",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Unified Contact Center Express",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Unified Contact Center Express"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
- },
- {
- "name" : "99201",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99201"
- },
- {
- "name" : "1038749",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038749"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Clear Text Authentication Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99201",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99201"
+ },
+ {
+ "name": "1038749",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038749"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6806.json b/2017/6xxx/CVE-2017-6806.json
index 1a08be2ecb3..1b8e4b850eb 100644
--- a/2017/6xxx/CVE-2017-6806.json
+++ b/2017/6xxx/CVE-2017-6806.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6806",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6806",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7466.json b/2017/7xxx/CVE-2017-7466.json
index 36ee80e2d56..9ce9e3aed44 100644
--- a/2017/7xxx/CVE-2017-7466.json
+++ b/2017/7xxx/CVE-2017-7466.json
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "sfowler@redhat.com",
- "ID" : "CVE-2017-7466",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "ansible",
- "version" : {
- "version_data" : [
- {
- "version_value" : "ansible 2.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
- }
- ]
- },
- "impact" : {
- "cvss" : [
- [
- {
- "vectorString" : "8.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- ]
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-20"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2017-7466",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ansible",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ansible 2.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "[UNKNOWN]"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"
- },
- {
- "name" : "RHSA-2017:1244",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1244"
- },
- {
- "name" : "RHSA-2017:1334",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1334"
- },
- {
- "name" : "RHSA-2017:1476",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1476"
- },
- {
- "name" : "RHSA-2017:1499",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1499"
- },
- {
- "name" : "RHSA-2017:1599",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1599"
- },
- {
- "name" : "RHSA-2017:1685",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1685"
- },
- {
- "name" : "97595",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97595"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "8.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2017:1599",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1599"
+ },
+ {
+ "name": "RHSA-2017:1334",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1334"
+ },
+ {
+ "name": "97595",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97595"
+ },
+ {
+ "name": "RHSA-2017:1685",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1685"
+ },
+ {
+ "name": "RHSA-2017:1244",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1244"
+ },
+ {
+ "name": "RHSA-2017:1499",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1499"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"
+ },
+ {
+ "name": "RHSA-2017:1476",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1476"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7591.json b/2017/7xxx/CVE-2017-7591.json
index 7321dca1c3e..00d1f5861d6 100644
--- a/2017/7xxx/CVE-2017-7591.json
+++ b/2017/7xxx/CVE-2017-7591.json
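Review bot: In the `affects` block the ansible entry still reads `"version_value": "ansible 2.3"` with no `version_affected`, while the description says the flaw is in Ansible before version 2.3, so a consumer matching on this field would treat 2.3 as the affected release and miss the earlier ones. The Mozilla record in this same sync (CVE-2017-7764) shows the shape that avoids this: `"version_affected": "<", "version_value": "2.3"`. The `impact.cvss` entry also carries the base score inside the vector, `"vectorString": "8.0/CVSS:3.0/AV:N/..."`; a CVSS v3.0 vector string starts at `CVSS:3.0/`, so tooling that parses it strictly will likely reject this value, and the score would be better kept in a separate field.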
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7591",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7591",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/",
- "refsource" : "MISC",
- "url" : "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/"
- },
- {
- "name" : "https://backstage.forgerock.com/knowledge/kb/article/a92936505",
- "refsource" : "CONFIRM",
- "url" : "https://backstage.forgerock.com/knowledge/kb/article/a92936505"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/",
+ "refsource": "MISC",
+ "url": "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/"
+ },
+ {
+ "name": "https://backstage.forgerock.com/knowledge/kb/article/a92936505",
+ "refsource": "CONFIRM",
+ "url": "https://backstage.forgerock.com/knowledge/kb/article/a92936505"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7764.json b/2017/7xxx/CVE-2017-7764.json
index 2ae4b0ba891..106954eaeb7 100644
--- a/2017/7xxx/CVE-2017-7764.json
+++ b/2017/7xxx/CVE-2017-7764.json
@@ -1,135 +1,135 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2017-7764",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "54"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox ESR",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.2"
- }
- ]
- }
- },
- {
- "product_name" : "Thunderbird",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Domain spoofing with combination of Canadian Syllabics and other unicode blocks"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2017-7764",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "54"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts",
- "refsource" : "MISC",
- "url" : "http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1364283",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1364283"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/"
- },
- {
- "name" : "DSA-3881",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2017/dsa-3881"
- },
- {
- "name" : "DSA-3918",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2017/dsa-3918"
- },
- {
- "name" : "RHSA-2017:1440",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1440"
- },
- {
- "name" : "RHSA-2017:1561",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1561"
- },
- {
- "name" : "99057",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99057"
- },
- {
- "name" : "1038689",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038689"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Domain spoofing with combination of Canadian Syllabics and other unicode blocks"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99057",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99057"
+ },
+ {
+ "name": "http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts",
+ "refsource": "MISC",
+ "url": "http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
+ },
+ {
+ "name": "DSA-3918",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2017/dsa-3918"
+ },
+ {
+ "name": "1038689",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038689"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1364283",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1364283"
+ },
+ {
+ "name": "DSA-3881",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2017/dsa-3881"
+ },
+ {
+ "name": "RHSA-2017:1440",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1440"
+ },
+ {
+ "name": "RHSA-2017:1561",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1561"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7980.json b/2017/7xxx/CVE-2017-7980.json
index 638e02fca3a..8a619e2f840 100644
--- a/2017/7xxx/CVE-2017-7980.json
+++ b/2017/7xxx/CVE-2017-7980.json
@@ -1,147 +1,147 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7980",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7980",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/04/21/1"
- },
- {
- "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1430056",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1430056"
- },
- {
- "name" : "https://support.citrix.com/article/CTX230138",
- "refsource" : "CONFIRM",
- "url" : "https://support.citrix.com/article/CTX230138"
- },
- {
- "name" : "GLSA-201706-03",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201706-03"
- },
- {
- "name" : "RHSA-2017:0980",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0980"
- },
- {
- "name" : "RHSA-2017:0981",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0981"
- },
- {
- "name" : "RHSA-2017:0982",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0982"
- },
- {
- "name" : "RHSA-2017:0983",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0983"
- },
- {
- "name" : "RHSA-2017:0984",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0984"
- },
- {
- "name" : "RHSA-2017:0988",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:0988"
- },
- {
- "name" : "RHSA-2017:1205",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1205"
- },
- {
- "name" : "RHSA-2017:1206",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1206"
- },
- {
- "name" : "RHSA-2017:1430",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1430"
- },
- {
- "name" : "RHSA-2017:1441",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1441"
- },
- {
- "name" : "USN-3289-1",
- "refsource" : "UBUNTU",
- "url" : "http://ubuntu.com/usn/usn-3289-1"
- },
- {
- "name" : "97955",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97955"
- },
- {
- "name" : "102129",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102129"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2017:0983",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0983"
+ },
+ {
+ "name": "[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/04/21/1"
+ },
+ {
+ "name": "RHSA-2017:0982",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0982"
+ },
+ {
+ "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
+ },
+ {
+ "name": "RHSA-2017:1430",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1430"
+ },
+ {
+ "name": "GLSA-201706-03",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201706-03"
+ },
+ {
+ "name": "USN-3289-1",
+ "refsource": "UBUNTU",
+ "url": "http://ubuntu.com/usn/usn-3289-1"
+ },
+ {
+ "name": "RHSA-2017:1206",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1206"
+ },
+ {
+ "name": "97955",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97955"
+ },
+ {
+ "name": "102129",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102129"
+ },
+ {
+ "name": "RHSA-2017:0984",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0984"
+ },
+ {
+ "name": "RHSA-2017:0988",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0988"
+ },
+ {
+ "name": "RHSA-2017:1441",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1441"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1430056",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430056"
+ },
+ {
+ "name": "RHSA-2017:0981",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0981"
+ },
+ {
+ "name": "RHSA-2017:0980",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:0980"
+ },
+ {
+ "name": "RHSA-2017:1205",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1205"
+ },
+ {
+ "name": "https://support.citrix.com/article/CTX230138",
+ "refsource": "CONFIRM",
+ "url": "https://support.citrix.com/article/CTX230138"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8295.json b/2017/8xxx/CVE-2017-8295.json
index 1f2849fee5f..a4bdecae0ab 100644
--- a/2017/8xxx/CVE-2017-8295.json
+++ b/2017/8xxx/CVE-2017-8295.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41963", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41963/" - }, - { - "name" : "https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html", - "refsource" : "MISC", - "url" : "https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8807", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8807" - }, - { - "name" : "DSA-3870", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3870" - }, - { - "name" : "98295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98295" - }, - { - "name" : "1038403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. 
This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41963", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41963/" + }, + { + "name": "https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html", + "refsource": "MISC", + "url": "https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html" + }, + { + "name": "DSA-3870", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3870" + }, + { + "name": "1038403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038403" + }, + { + "name": "98295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98295" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8807", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8807" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8498.json b/2017/8xxx/CVE-2017-8498.json index c905fefe06d..df81c7ee2b3 100644 --- a/2017/8xxx/CVE-2017-8498.json +++ b/2017/8xxx/CVE-2017-8498.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1607 and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8504." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1607 and 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498" - }, - { - "name" : "98886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8504." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98886" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8917.json b/2017/8xxx/CVE-2017-8917.json index 2450ce966df..c70225e5865 100644 --- a/2017/8xxx/CVE-2017-8917.json +++ b/2017/8xxx/CVE-2017-8917.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42033", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42033/" - }, - { - "name" : "44358", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44358/" - }, - { - "name" : "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html" - }, - { - "name" : "98515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98515" - }, - { - "name" : "1038522", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98515" + }, + { + "name": "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html" + }, + { + "name": "44358", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44358/" + }, + { + "name": "1038522", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038522" + }, + { + "name": "42033", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42033/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10235.json b/2018/10xxx/CVE-2018-10235.json index 37f7156a1a8..63bef7fa584 100644 --- a/2018/10xxx/CVE-2018-10235.json +++ b/2018/10xxx/CVE-2018-10235.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\\module\\member\\controllers\\admin\\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\\module\\member\\models\\Member_model.php and write this code into the api/ucsso/config.php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/myndtt/vulnerability/blob/master/poscms/3-2-10.md", - "refsource" : "MISC", - "url" : "https://github.com/myndtt/vulnerability/blob/master/poscms/3-2-10.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\\module\\member\\controllers\\admin\\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in 
diy\\module\\member\\models\\Member_model.php and write this code into the api/ucsso/config.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/myndtt/vulnerability/blob/master/poscms/3-2-10.md", + "refsource": "MISC", + "url": "https://github.com/myndtt/vulnerability/blob/master/poscms/3-2-10.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10300.json b/2018/10xxx/CVE-2018-10300.json index 7bbc975e3ea..154b7b544fd 100644 --- a/2018/10xxx/CVE-2018-10300.json +++ b/2018/10xxx/CVE-2018-10300.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271", - "refsource" : "MISC", - "url" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271", + "refsource": "MISC", + "url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10315.json b/2018/10xxx/CVE-2018-10315.json index 0fab357aa60..a16a95bd045 100644 --- a/2018/10xxx/CVE-2018-10315.json +++ b/2018/10xxx/CVE-2018-10315.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10315", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10315", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10349.json b/2018/10xxx/CVE-2018-10349.json index de9b3403f55..34ba9113f4c 100644 --- a/2018/10xxx/CVE-2018-10349.json +++ b/2018/10xxx/CVE-2018-10349.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10349",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10349",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10542.json b/2018/10xxx/CVE-2018-10542.json
index 0137190e033..dbf89ff238f 100644
--- a/2018/10xxx/CVE-2018-10542.json
+++ b/2018/10xxx/CVE-2018-10542.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10542",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10542",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13152.json b/2018/13xxx/CVE-2018-13152.json
index 2f4a77aa91d..97c27122407 100644
--- a/2018/13xxx/CVE-2018-13152.json
+++ b/2018/13xxx/CVE-2018-13152.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13152",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13152",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13270.json b/2018/13xxx/CVE-2018-13270.json
index ae24b3b2264..f9692e4d339 100644
--- a/2018/13xxx/CVE-2018-13270.json
+++ b/2018/13xxx/CVE-2018-13270.json
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13270", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13270", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17243.json b/2018/17xxx/CVE-2018-17243.json index 25abab3dbad..58263973a7e 100644 --- a/2018/17xxx/CVE-2018-17243.json +++ b/2018/17xxx/CVE-2018-17243.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/network-monitoring/help/read-me.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/network-monitoring/help/read-me.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17271.json b/2018/17xxx/CVE-2018-17271.json index 675d8f4dc2e..73f9a15787c 100644 --- a/2018/17xxx/CVE-2018-17271.json +++ b/2018/17xxx/CVE-2018-17271.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17271", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17271", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17719.json b/2018/17xxx/CVE-2018-17719.json index 61a00df8f02..9fef7ca5f18 100644 --- a/2018/17xxx/CVE-2018-17719.json +++ b/2018/17xxx/CVE-2018-17719.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17719", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17719", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17855.json b/2018/17xxx/CVE-2018-17855.json index 29b090271be..c134abb715e 100644 --- a/2018/17xxx/CVE-2018-17855.json +++ b/2018/17xxx/CVE-2018-17855.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification" - }, - { - "name" : "105559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105559" - }, - { - "name" : "1041914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Joomla! before 3.8.13. 
If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105559" + }, + { + "name": "1041914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041914" + }, + { + "name": "https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17997.json b/2018/17xxx/CVE-2018-17997.json index 200be474ccb..9d3ae43cad7 100644 --- a/2018/17xxx/CVE-2018-17997.json +++ b/2018/17xxx/CVE-2018-17997.json @@ -2,30 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17997", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } + "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", 
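Review bot: The two CVE-2018-17997 hunks take a record that was already `"STATE": "PUBLIC"` back to `"STATE": "RESERVED"`, dropping its `affects`, `problemtype` and `references` blocks; the second hunk (`@@ -34,38 +11,7 @@`) also replaces the published description with the RESERVED placeholder text. Every other file visible in this part of the sync changes only whitespace, key order or reference order, so this looks like a stale copy overwriting newer data rather than a deliberate withdrawal; that is inferred, since the commit message gives no reason. Consumers that key on this ID would stop seeing the advisory text and its three references after this commit. If the withdrawal is intended, a REJECT entry with a stated reason (the form used for CVE-2018-13270 in this same commit) would make that explicit; otherwise keep `"STATE": "PUBLIC"` and leave the removed description and references in place.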
@@ -34,38 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html" - }, - { - "refsource": "EXPLOIT-DB", - "name": "46079", - "url": "https://www.exploit-db.com/exploits/46079/" - }, - { - "refsource": "CONFIRM", - "name": "https://github.com/AndyRixon/LayerBB/commits/master", - "url": "https://github.com/AndyRixon/LayerBB/commits/master" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2018/20xxx/CVE-2018-20397.json b/2018/20xxx/CVE-2018-20397.json index 4298a5be5cf..39b0efb4599 100644 --- a/2018/20xxx/CVE-2018-20397.json +++ b/2018/20xxx/CVE-2018-20397.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and 
iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", + "refsource": "MISC", + "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9105.json b/2018/9xxx/CVE-2018-9105.json index cb209b836d4..eb1114a0e41 100644 --- a/2018/9xxx/CVE-2018-9105.json +++ b/2018/9xxx/CVE-2018-9105.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-015.md", - "refsource" : "MISC", - "url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-015.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-015.md", + "refsource": "MISC", + "url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-015.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9690.json b/2018/9xxx/CVE-2018-9690.json index 4e3b32b34ad..7ed4cf01a4a 100644 --- a/2018/9xxx/CVE-2018-9690.json +++ b/2018/9xxx/CVE-2018-9690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9705.json b/2018/9xxx/CVE-2018-9705.json index c5feb1a7bb6..36280d8a5be 100644 --- a/2018/9xxx/CVE-2018-9705.json +++ b/2018/9xxx/CVE-2018-9705.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9705", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9952.json b/2018/9xxx/CVE-2018-9952.json index 3206f2b3d73..92b181c64ee 100644 --- a/2018/9xxx/CVE-2018-9952.json +++ b/2018/9xxx/CVE-2018-9952.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the formattedValue attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5527." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-336", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-336" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the formattedValue attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5527." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-336", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-336" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file