diff --git a/2002/0xxx/CVE-2002-0490.json b/2002/0xxx/CVE-2002-0490.json index ab4d55620b0..66a6ba6c2b5 100644 --- a/2002/0xxx/CVE-2002-0490.json +++ b/2002/0xxx/CVE-2002-0490.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020323 Instant Web Mail additional POP3 commands and mail headers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/264041" - }, - { - "name" : "http://instantwebmail.sourceforge.net/#changeLog", - "refsource" : "CONFIRM", - "url" : "http://instantwebmail.sourceforge.net/#changeLog" - }, - { - "name" : "instant-webmail-pop-commands(8650)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8650.php" - }, - { - "name" : "4361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "instant-webmail-pop-commands(8650)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8650.php" + }, + { + "name": "4361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4361" + }, + { + "name": "20020323 Instant Web Mail additional POP3 commands and mail headers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/264041" + }, + { + "name": "http://instantwebmail.sourceforge.net/#changeLog", + "refsource": "CONFIRM", + "url": "http://instantwebmail.sourceforge.net/#changeLog" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1242.json b/2002/1xxx/CVE-2002-1242.json index daf855c401a..98bb46ff7f0 100644 --- a/2002/1xxx/CVE-2002-1242.json +++ b/2002/1xxx/CVE-2002-1242.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the \"bio\" argument to modules.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.idefense.com/advisory/10.31.02c.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/10.31.02c.txt" - }, - { - "name" : "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103616324103171&w=2" - }, - { - "name" : "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html" - }, - { - "name" : "phpnuke-accountmanager-sql-injection(10516)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10516.php" - }, - { - "name" : "6088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6088" - }, - { - "name" : "6244", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the \"bio\" argument to modules.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html" + }, + { + "name": "6088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6088" + }, + { + "name": "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103616324103171&w=2" + }, + { + "name": "phpnuke-accountmanager-sql-injection(10516)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10516.php" + }, + { + "name": "6244", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6244" + }, + { + "name": "http://www.idefense.com/advisory/10.31.02c.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/10.31.02c.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1566.json b/2002/1xxx/CVE-2002-1566.json index 99385fd4c72..eecce4de725 100644 --- a/2002/1xxx/CVE-2002-1566.json +++ b/2002/1xxx/CVE-2002-1566.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020909 netris-0.5.", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=103158692532256&w=2" - }, - { - "name" : "5680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5680" - }, - { - "name" : "netris-remote-bo(10081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020909 netris-0.5.", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=103158692532256&w=2" + }, + { + "name": "netris-remote-bo(10081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10081" + }, + { + "name": "5680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5680" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1719.json b/2002/1xxx/CVE-2002-1719.json index aaa25653b61..6d2a6f53885 100644 --- a/2002/1xxx/CVE-2002-1719.json +++ b/2002/1xxx/CVE-2002-1719.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4079" - }, - { - "name" : "1003503", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003503" - }, - { - "name" : "bavo-unspecified-security-bypass(40988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bavo-unspecified-security-bypass(40988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40988" + }, + { + "name": "1003503", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003503" + }, + { + "name": "4079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4079" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0193.json b/2003/0xxx/CVE-2003-0193.json index 0c5c0ee018a..db6011ef2d6 100644 --- a/2003/0xxx/CVE-2003-0193.json +++ b/2003/0xxx/CVE-2003-0193.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (\"word$$.html\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-575", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-575" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525" - }, - { - "name" : "11560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11560" - }, - { - "name" : "11193", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11193" - }, - { - "name" : "13021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13021/" - }, - { - "name" : "13022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13022/" - }, - { - "name" : "catdoc-xlsview-symlink(16335)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (\"word$$.html\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11193", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11193" + }, + { + "name": "11560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11560" + }, + { + "name": "13021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13021/" + }, + { + "name": "13022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13022/" + }, + { + "name": "catdoc-xlsview-symlink(16335)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16335" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525" + }, + { + "name": "DSA-575", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-575" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0332.json b/2003/0xxx/CVE-2003-0332.json index f598e92945e..dc91069f0fa 100644 --- a/2003/0xxx/CVE-2003-0332.json +++ b/2003/0xxx/CVE-2003-0332.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105346382524169&w=2" - }, - { - "name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030520 BadBlue Remote Administrative Interface Access Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105346382524169&w=2" + }, + { + "name": "20030520 BadBlue Remote Administrative Interface Access Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0636.json b/2003/0xxx/CVE-2003-0636.json index 5c5fc5e9460..a2c8083f713 100644 --- a/2003/0xxx/CVE-2003-0636.json +++ b/2003/0xxx/CVE-2003-0636.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0743.json b/2003/0xxx/CVE-2003-0743.json index bcdfb5a5a15..45f6a582bb7 100644 --- a/2003/0xxx/CVE-2003-0743.json +++ b/2003/0xxx/CVE-2003-0743.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the \"(no argument given)\" string is appended to the buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030901 exim remote heap overflow, probably not exploitable", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106252015820395&w=2" - }, - { - "name" : "20030903 Re: exim remote heap overflow, probably not exploitable", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=106264740820334&w=2" - }, - { - "name" : "[Exim] 20030814 Minor security bug", - "refsource" : "MLIST", - "url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html" - }, - { - "name" : "[Exim] 20030815 Minor security bug", - "refsource" : "MLIST", - "url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog" - }, - { - "name" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html", - "refsource" : "CONFIRM", - "url" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html" - }, - { - "name" : "DSA-376", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-376" - }, - { - "name" : "CLA-2003:735", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the \"(no argument given)\" string is appended to the buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-376", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-376" + }, + { + "name": "CLA-2003:735", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735" + }, + { + "name": "[Exim] 20030814 Minor security bug", + "refsource": "MLIST", + "url": "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html" + }, + { + "name": "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html", + "refsource": "CONFIRM", + "url": "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html" + }, + { + "name": "20030901 exim remote heap overflow, probably not exploitable", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106252015820395&w=2" + }, + { + "name": "20030903 Re: exim remote heap overflow, probably not exploitable", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=106264740820334&w=2" + }, + { + "name": "[Exim] 20030815 Minor security bug", + "refsource": "MLIST", + "url": "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1163.json b/2003/1xxx/CVE-2003-1163.json index 87891eb78d3..dafdef29e2b 100644 --- a/2003/1xxx/CVE-2003-1163.json +++ b/2003/1xxx/CVE-2003-1163.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031106 DoS for Ganglia", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343689" - }, - { - "name" : "http://ganglia.sourceforge.net/", - "refsource" : "CONFIRM", - "url" : "http://ganglia.sourceforge.net/" - }, - { - "name" : "8988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8988" - }, - { - "name" : "2787", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2787" - }, - { - "name" : "10166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10166" - }, - { - "name" : "ganglia-gmond-dos(13631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2787", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2787" + }, + { + "name": "8988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8988" + }, + { + "name": "20031106 DoS for Ganglia", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343689" + }, + { + "name": "ganglia-gmond-dos(13631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13631" + }, + { + "name": "10166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10166" + }, + { + "name": "http://ganglia.sourceforge.net/", + "refsource": "CONFIRM", + "url": "http://ganglia.sourceforge.net/" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1317.json b/2003/1xxx/CVE-2003-1317.json index 4e6ed5a5373..6054166c136 100644 --- a/2003/1xxx/CVE-2003-1317.json +++ b/2003/1xxx/CVE-2003-1317.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8506" - }, - { - "name" : "2480", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2480" - }, - { - "name" : "1007592", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007592" - }, - { - "name" : "9622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9622" - }, - { - "name" : "endonesia-mod-xss(13041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9622" + }, + { + "name": "2480", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2480" + }, + { + "name": "8506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8506" + }, + { + "name": "1007592", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007592" + }, + { + "name": "endonesia-mod-xss(13041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1326.json b/2003/1xxx/CVE-2003-1326.json index 2deec8ef71b..b6af73b910c 100644 --- a/2003/1xxx/CVE-2003-1326.json +++ b/2003/1xxx/CVE-2003-1326.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" - }, - { - "name" : "N-038", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-038.shtml" - }, - { - "name" : "6779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6779" - }, - { - "name" : "ie-dialog-zone-bypass(11258)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11258.php" - }, - { - "name" : "oval:org.mitre.oval:def:126", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" - }, - { - "name" : "oval:org.mitre.oval:def:178", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" - }, - { - "name" : "oval:org.mitre.oval:def:49", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6779" + }, + { + "name": "oval:org.mitre.oval:def:126", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" + }, + { + "name": "ie-dialog-zone-bypass(11258)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11258.php" + }, + { + "name": "N-038", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" + }, + { + "name": "oval:org.mitre.oval:def:49", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" + }, + { + "name": "oval:org.mitre.oval:def:178", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" + }, + { + "name": "MS03-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1502.json b/2003/1xxx/CVE-2003-1502.json index bbd815a4eb6..84f23bbaf33 100644 --- a/2003/1xxx/CVE-2003-1502.json +++ b/2003/1xxx/CVE-2003-1502.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031015 Mod-Throttle [was: client attacks server - XSS]", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html" - }, - { - "name" : "8822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031015 Mod-Throttle [was: client attacks server - XSS]", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html" + }, + { + "name": "8822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8822" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2554.json b/2004/2xxx/CVE-2004-2554.json index 4fb61f80322..0319f308575 100644 --- a/2004/2xxx/CVE-2004-2554.json +++ b/2004/2xxx/CVE-2004-2554.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm" - }, - { - "name" : "O-090", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-090.shtml" - }, - { - "name" : "9441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9441" - }, - { - "name" : "4120", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4120" - }, - { - "name" : "1008755", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008755" - }, - { - "name" : "11014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11014" - }, - { - "name" : "ncf-tray-icon-gain-privileges(15367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "O-090", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-090.shtml" + }, + { + "name": "1008755", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008755" + }, + { + "name": "ncf-tray-icon-gain-privileges(15367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15367" + }, + { + "name": "11014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11014" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm" + }, + { + "name": "4120", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4120" + }, + { + "name": "9441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9441" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0299.json b/2012/0xxx/CVE-2012-0299.json index cbeff5f8467..50d6662e5fc 100644 --- a/2012/0xxx/CVE-2012-0299.json +++ b/2012/0xxx/CVE-2012-0299.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00" - }, - { - "name" : "53443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53443" - }, - { - "name" : "symantec-web-unspec-command-exec(75730)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symantec-web-unspec-command-exec(75730)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75730" + }, + { + "name": "53443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53443" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0461.json b/2012/0xxx/CVE-2012-0461.json index 73d5ffa7594..48fa01e406a 100644 --- a/2012/0xxx/CVE-2012-0461.json +++ b/2012/0xxx/CVE-2012-0461.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=657588", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=657588" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=730425", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=730425" - }, - { - "name" : "DSA-2433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2433" - }, - { - "name" : "DSA-2458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2458" - }, - { - "name" : "MDVSA-2012:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" - }, - { - "name" : "MDVSA-2012:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" - }, - { - "name" : "RHSA-2012:0387", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" - }, - { - "name" : "RHSA-2012:0388", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" - }, - { - "name" : "openSUSE-SU-2012:0417", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" - }, - { - "name" : "SUSE-SU-2012:0424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0425", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" - }, - { - "name" : "USN-1400-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-3" - }, - { - "name" : "USN-1400-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-4" - }, - { - "name" : "USN-1400-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-5" - }, - { - "name" : "USN-1400-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-2" - }, - { - "name" : "USN-1401-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1401-1" - }, - { - "name" : "USN-1400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-1" - }, - { - "name" : "oval:org.mitre.oval:def:15009", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009" - }, - { - "name" : "1026804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026804" - }, - { - "name" : "1026801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026801" - }, - { - "name" : "1026803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026803" - }, - { - "name" : "48629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48629" - }, - { - "name" : "48513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48513" - }, - { - "name" : "48495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48495" - }, - { - "name" : "48496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48496" - }, - { - "name" : "48553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48553" - }, - { - "name" : "48561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48561" - }, - { - "name" : "48624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48624" - }, - { - "name" : "48823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48823" - }, - { - "name" : "48920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48920" - }, - { - "name" : "48402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48402" - }, - { - "name" : "48359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48359" - }, - { - "name" : "48414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0417", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" + }, + { + "name": "48402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48402" + }, + { + "name": "MDVSA-2012:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" + }, + { + "name": "48624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48624" + }, + { + "name": "SUSE-SU-2012:0424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" + }, + { + "name": "USN-1400-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-5" + }, + { + "name": "48414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48414" + }, + { + "name": "48359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48359" + }, + { + "name": "48823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48823" + }, + { + "name": "USN-1401-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1401-1" + }, + { + "name": "USN-1400-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-4" + }, + { + "name": "48629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48629" + }, + { + "name": "USN-1400-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-3" + }, + { + "name": "RHSA-2012:0387", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html" + }, + { + "name": "48496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48496" + }, + { + "name": "SUSE-SU-2012:0425", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=730425", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=730425" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" + }, + { + "name": "USN-1400-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-2" + }, + { + "name": "DSA-2458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2458" + }, + { + "name": "48920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48920" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=657588", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=657588" + }, + { + "name": "DSA-2433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2433" + }, + { + "name": "MDVSA-2012:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" + }, + { + "name": "1026803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026803" + }, + { + "name": "48495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48495" + }, + { + "name": "48553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48553" + }, + { + "name": "USN-1400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-1" + }, + { + "name": "48561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48561" + }, + { + "name": "RHSA-2012:0388", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html" + }, + { + "name": "1026801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026801" + }, + { + "name": "oval:org.mitre.oval:def:15009", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009" + }, + { + "name": "1026804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026804" + }, + { + "name": "48513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48513" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0604.json b/2012/0xxx/CVE-2012-0604.json index 0200a5edfb2..f8de890a1cc 100644 --- a/2012/0xxx/CVE-2012-0604.json +++ b/2012/0xxx/CVE-2012-0604.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79926", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79926" - }, - { - "name" : "oval:org.mitre.oval:def:17486", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17486" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120604-code-execution(73823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "oval:org.mitre.oval:def:17486", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17486" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "apple-webkit-cve20120604-code-execution(73823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73823" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "79926", + "refsource": "OSVDB", + "url": "http://osvdb.org/79926" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1039.json b/2012/1xxx/CVE-2012-1039.json index d89cbfa50c1..e522a3a260a 100644 --- a/2012/1xxx/CVE-2012-1039.json +++ b/2012/1xxx/CVE-2012-1039.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Multiple XSS in Dotclear", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0183.html" - }, - { - "name" : "https://www.htbridge.ch/advisory/HTB23074", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/HTB23074" - }, - { - "name" : "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2", - "refsource" : "CONFIRM", - "url" : "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2" - }, - { - "name" : "52221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52221" - }, - { - "name" : "48209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48209" - }, - { - "name" : "dotclear-multiple-xss(73565)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.ch/advisory/HTB23074", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/HTB23074" + }, + { + "name": "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2", + "refsource": "CONFIRM", + "url": "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2" + }, + { + "name": "dotclear-multiple-xss(73565)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73565" + }, + { + "name": "52221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52221" + }, + { + "name": "20120229 Multiple XSS in Dotclear", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0183.html" + }, + { + "name": "48209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48209" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1553.json b/2012/1xxx/CVE-2012-1553.json index e058ec4ad09..b0956cd55af 100644 --- a/2012/1xxx/CVE-2012-1553.json +++ b/2012/1xxx/CVE-2012-1553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1553", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1553", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1706.json b/2012/1xxx/CVE-2012-1706.json index fb4cec9de54..b4d01bb336e 100644 --- a/2012/1xxx/CVE-2012-1706.json +++ b/2012/1xxx/CVE-2012-1706.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53116" - }, - { - "name" : "1026953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53116" + }, + { + "name": "1026953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026953" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1863.json b/2012/1xxx/CVE-2012-1863.json index 0298656b9e2..d05f469eced 100644 --- a/2012/1xxx/CVE-2012-1863.json +++ b/2012/1xxx/CVE-2012-1863.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" - }, - { - "name" : "TA12-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15689", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" + }, + { + "name": "MS12-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" + }, + { + "name": "oval:org.mitre.oval:def:15689", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4552.json b/2012/4xxx/CVE-2012-4552.json index 1081ae6935d..a045371b598 100644 --- a/2012/4xxx/CVE-2012-4552.json +++ b/2012/4xxx/CVE-2012-4552.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121029 Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/29/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871187", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871187" - }, - { - "name" : "FEDORA-2012-17465", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html" - }, - { - "name" : "FEDORA-2012-17482", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html" - }, - { - "name" : "FEDORA-2012-17517", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html" - }, - { - "name" : "openSUSE-SU-2012:1506", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:0146", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html" - }, - { - "name" : "87001", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/87001" - }, - { - "name" : "51340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87001", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/87001" + }, + { + "name": "51340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51340" + }, + { + "name": "[oss-security] 20121029 Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/29/9" + }, + { + "name": "FEDORA-2012-17465", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html" + }, + { + "name": "FEDORA-2012-17517", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=871187", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871187" + }, + { + "name": "openSUSE-SU-2012:1506", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html" + }, + { + "name": "openSUSE-SU-2013:0146", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html" + }, + { + "name": "FEDORA-2012-17482", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4733.json b/2012/4xxx/CVE-2012-4733.json index 5d0a9f414ec..94683d8272a 100644 --- a/2012/4xxx/CVE-2012-4733.json +++ b/2012/4xxx/CVE-2012-4733.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20130522 RT 4.0.13 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" - }, - { - "name" : "[rt-announce] 20130522 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" - }, - { - "name" : "93611", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93611" - }, - { - "name" : "53522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20130522 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" + }, + { + "name": "93611", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93611" + }, + { + "name": "[rt-announce] 20130522 RT 4.0.13 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" + }, + { + "name": "53522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53522" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4824.json b/2012/4xxx/CVE-2012-4824.json index a0ed547d719..5dd1ff90015 100644 --- a/2012/4xxx/CVE-2012-4824.json +++ b/2012/4xxx/CVE-2012-4824.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21612229", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21612229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21612229", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612229" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4979.json b/2012/4xxx/CVE-2012-4979.json index 0b16d9a1512..9ecc24037bb 100644 --- a/2012/4xxx/CVE-2012-4979.json +++ b/2012/4xxx/CVE-2012-4979.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4979", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4979", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5676.json b/2012/5xxx/CVE-2012-5676.json index 3b4f9738f35..b419e408f41 100644 --- a/2012/5xxx/CVE-2012-5676.json +++ b/2012/5xxx/CVE-2012-5676.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html" - }, - { - "name" : "openSUSE-SU-2013:0139", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0368", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0368", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html" + }, + { + "name": "openSUSE-SU-2013:0139", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-27.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2726.json b/2017/2xxx/CVE-2017-2726.json index f80df16eaeb..9cda3b833b1 100644 --- a/2017/2xxx/CVE-2017-2726.json +++ b/2017/2xxx/CVE-2017-2726.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P10 Plus,P10", - "version" : { - "version_data" : [ - { - "version_value" : "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P10 Plus,P10", + "version": { + "version_data": [ + { + "version_value": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en" - }, - { - "name" : "97696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97696" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2814.json b/2017/2xxx/CVE-2017-2814.json index 66afa2c574e..ef6c682d459 100644 --- a/2017/2xxx/CVE-2017-2814.json +++ b/2017/2xxx/CVE-2017-2814.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-2814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Poppler", - "version" : { - "version_data" : [ - { - "version_value" : "0.53.0" - } - ] - } - } - ] - }, - "vendor_name" : "Poppler" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-2814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Poppler", + "version": { + "version_data": [ + { + "version_value": "0.53.0" + } + ] + } + } + ] + }, + "vendor_name": "Poppler" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311" - }, - { - "name" : "99497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311" + }, + { + "name": "99497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99497" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3077.json b/2017/3xxx/CVE-2017-3077.json index c2776081ed6..0e0a4b1ec8e 100644 --- a/2017/3xxx/CVE-2017-3077.json +++ b/2017/3xxx/CVE-2017-3077.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.171 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.171 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.171 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42248", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42248/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1439" - }, - { - "name" : "99025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99025" - }, - { - "name" : "1038655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" + }, + { + "name": "99025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99025" + }, + { + "name": "1038655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038655" + }, + { + "name": "42248", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42248/" + }, + { + "name": "RHSA-2017:1439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1439" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3321.json b/2017/3xxx/CVE-2017-3321.json index 7f82a10ab85..01b1def9be0 100644 --- a/2017/3xxx/CVE-2017-3321.json +++ b/2017/3xxx/CVE-2017-3321.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Cluster", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.19 and earlier" - }, - { - "version_value" : "7.3.8 and earlier" - }, - { - "version_value" : "7.4.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Cluster", + "version": { + "version_data": [ + { + "version_value": "7.2.19 and earlier" + }, + { + "version_value": "7.3.8 and earlier" + }, + { + "version_value": "7.4.5 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95562" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95562" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3479.json b/2017/3xxx/CVE-2017-3479.json index 0c24ca2aa40..440623aa1be 100644 --- a/2017/3xxx/CVE-2017-3479.json +++ b/2017/3xxx/CVE-2017-3479.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Private Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.0.0" - }, - { - "version_affected" : "=", - "version_value" : "2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "2.2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.2.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97805" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97805" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6469.json b/2017/6xxx/CVE-2017-6469.json index aaf7333d23b..1543eb47f0e 100644 --- a/2017/6xxx/CVE-2017-6469.json +++ b/2017/6xxx/CVE-2017-6469.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-03.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-03.html" - }, - { - "name" : "DSA-3811", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3811" - }, - { - "name" : "96577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-03.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-03.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346" + }, + { + "name": "96577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96577" + }, + { + "name": "DSA-3811", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3811" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7890.json b/2017/7xxx/CVE-2017-7890.json index cf89b40ec30..76f471df308 100644 --- a/2017/7xxx/CVE-2017-7890.json +++ b/2017/7xxx/CVE-2017-7890.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=74435", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=74435" - }, - { - "name" : "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-12", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-12" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180112-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180112-0001/" - }, - { - "name" : "DSA-3938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3938" - }, - { - "name" : "RHSA-2018:0406", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0406" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "99492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038" + }, + { + "name": "https://www.tenable.com/security/tns-2017-12", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-12" + }, + { + "name": "DSA-3938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3938" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180112-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180112-0001/" + }, + { + "name": "99492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99492" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "RHSA-2018:0406", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0406" + }, + { + "name": "https://bugs.php.net/bug.php?id=74435", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=74435" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8260.json b/2017/8xxx/CVE-2017-8260.json index 7ca0b5ff7a1..d930d3fa3f7 100644 --- a/2017/8xxx/CVE-2017-8260.json +++ b/2017/8xxx/CVE-2017-8260.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2017-8260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2017-8260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c", - "refsource" : "MISC", - "url" : "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99465" + }, + { + "name": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c", + "refsource": "MISC", + "url": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10472.json b/2018/10xxx/CVE-2018-10472.json index 0e219585f90..971b490c24a 100644 --- a/2018/10xxx/CVE-2018-10472.json +++ b/2018/10xxx/CVE-2018-10472.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-258.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-258.html" - }, - { - "name" : "DSA-4201", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4201" - }, - { - "name" : "GLSA-201810-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-06" - }, - { - "name" : "104002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-06" + }, + { + "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-258.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-258.html" + }, + { + "name": "104002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104002" + }, + { + "name": "DSA-4201", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4201" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10476.json b/2018/10xxx/CVE-2018-10476.json index a2313172256..6b98e2e408e 100644 --- a/2018/10xxx/CVE-2018-10476.json +++ b/2018/10xxx/CVE-2018-10476.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-386", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-386" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-386", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-386" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10652.json b/2018/10xxx/CVE-2018-10652.json index 4b4f9aa1168..e877f7d08eb 100644 --- a/2018/10xxx/CVE-2018-10652.json +++ b/2018/10xxx/CVE-2018-10652.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX234879", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX234879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX234879", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX234879" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14168.json b/2018/14xxx/CVE-2018-14168.json index 34c13e18aeb..9350678cd7b 100644 --- a/2018/14xxx/CVE-2018-14168.json +++ b/2018/14xxx/CVE-2018-14168.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14168", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14168", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17224.json b/2018/17xxx/CVE-2018-17224.json index 979bcf364bf..c3bd38f0fab 100644 --- a/2018/17xxx/CVE-2018-17224.json +++ b/2018/17xxx/CVE-2018-17224.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17224", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17224", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17257.json b/2018/17xxx/CVE-2018-17257.json index 7c452de4645..a81f5ab7946 100644 --- a/2018/17xxx/CVE-2018-17257.json +++ b/2018/17xxx/CVE-2018-17257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17257", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17257", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17460.json b/2018/17xxx/CVE-2018-17460.json index 13417d664f2..bc15a81b379 100644 --- a/2018/17xxx/CVE-2018-17460.json +++ b/2018/17xxx/CVE-2018-17460.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17460", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17460", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17511.json b/2018/17xxx/CVE-2018-17511.json index 0d6905eb073..fc38c91c3b1 100644 --- a/2018/17xxx/CVE-2018-17511.json +++ b/2018/17xxx/CVE-2018-17511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17511", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17511", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17974.json b/2018/17xxx/CVE-2018-17974.json index b024b199916..4f3a1a3fa5e 100644 --- a/2018/17xxx/CVE-2018-17974.json +++ b/2018/17xxx/CVE-2018-17974.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay", - "refsource" : "MISC", - "url" : "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay" - }, - { - "name" : "https://github.com/appneta/tcpreplay/issues/486", - "refsource" : "MISC", - "url" : "https://github.com/appneta/tcpreplay/issues/486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/appneta/tcpreplay/issues/486", + "refsource": "MISC", + "url": "https://github.com/appneta/tcpreplay/issues/486" + }, + { + "name": "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay", + "refsource": "MISC", + "url": "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20183.json b/2018/20xxx/CVE-2018-20183.json index 0ae57ac7105..e1dbbfd06bc 100644 --- a/2018/20xxx/CVE-2018-20183.json +++ b/2018/20xxx/CVE-2018-20183.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20183", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20216.json b/2018/20xxx/CVE-2018-20216.json index 21cd5351d0a..07562d152af 100644 --- a/2018/20xxx/CVE-2018-20216.json +++ b/2018/20xxx/CVE-2018-20216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/12/19/2" - }, - { - "name" : "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html" - }, - { - "name" : "106291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/12/19/2" + }, + { + "name": "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html" + }, + { + "name": "106291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106291" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20256.json b/2018/20xxx/CVE-2018-20256.json index c5ccccc0fb4..42c873861d2 100644 --- a/2018/20xxx/CVE-2018-20256.json +++ b/2018/20xxx/CVE-2018-20256.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20256", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20256", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20632.json b/2018/20xxx/CVE-2018-20632.json index 0a1a9acc616..de554495098 100644 --- a/2018/20xxx/CVE-2018-20632.json +++ b/2018/20xxx/CVE-2018-20632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20705.json b/2018/20xxx/CVE-2018-20705.json index 87aaa337690..d5c45005f0d 100644 --- a/2018/20xxx/CVE-2018-20705.json +++ b/2018/20xxx/CVE-2018-20705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20705", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9072.json b/2018/9xxx/CVE-2018-9072.json index 83cb3c27eb6..07f956577ac 100644 --- a/2018/9xxx/CVE-2018-9072.json +++ b/2018/9xxx/CVE-2018-9072.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2018-9072", - "STATE" : "PUBLIC", - "TITLE" : "LXCI for VMware" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LXCI for VMware", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2018-9072", + "STATE": "PUBLIC", + "TITLE": "LXCI for VMware" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LXCI for VMware", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-23800", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-23800" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Update LXCI for VMware to version 5.5 or higher." - } - ], - "source" : { - "advisory" : "LEN-23800", - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-23800", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-23800" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update LXCI for VMware to version 5.5 or higher." + } + ], + "source": { + "advisory": "LEN-23800", + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9379.json b/2018/9xxx/CVE-2018-9379.json index 1d3f75c1d33..8fa6f3d8188 100644 --- a/2018/9xxx/CVE-2018-9379.json +++ b/2018/9xxx/CVE-2018-9379.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9424.json b/2018/9xxx/CVE-2018-9424.json index 2dae6eda52c..3381c44ee1c 100644 --- a/2018/9xxx/CVE-2018-9424.json +++ b/2018/9xxx/CVE-2018-9424.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9424", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9446.json b/2018/9xxx/CVE-2018-9446.json index 850a50651e6..a8a8ba8275c 100644 --- a/2018/9xxx/CVE-2018-9446.json +++ b/2018/9xxx/CVE-2018-9446.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-9446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-9446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9576.json b/2018/9xxx/CVE-2018-9576.json index c072fe3761a..0467097b642 100644 --- a/2018/9xxx/CVE-2018-9576.json +++ b/2018/9xxx/CVE-2018-9576.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9991.json b/2018/9xxx/CVE-2018-9991.json index 85306fbfa26..7690d252936 100644 --- a/2018/9xxx/CVE-2018-9991.json +++ b/2018/9xxx/CVE-2018-9991.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63", - "refsource" : "MISC", - "url" : "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63", + "refsource": "MISC", + "url": "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63" + } + ] + } +} \ No newline at end of file