diff --git a/2002/0xxx/CVE-2002-0274.json b/2002/0xxx/CVE-2002-0274.json index 0ac194faa0e..874ea0a3d58 100644 --- a/2002/0xxx/CVE-2002-0274.json +++ b/2002/0xxx/CVE-2002-0274.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020213 Exim 3.34 and lower (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101362618118598&w=2" - }, - { - "name" : "RHSA-2002:208", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-208.html" - }, - { - "name" : "exim-config-arg-bo(8194)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8194.php" - }, - { - "name" : "4096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "exim-config-arg-bo(8194)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8194.php" + }, + { + "name": "4096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4096" + }, + { + "name": "RHSA-2002:208", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-208.html" + }, + { + "name": "20020213 Exim 3.34 and lower (fwd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101362618118598&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0303.json b/2002/0xxx/CVE-2002-0303.json index 3ce4d3643f2..c364830db11 100644 --- a/2002/0xxx/CVE-2002-0303.json +++ b/2002/0xxx/CVE-2002-0303.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101425369510983&w=2" - }, - { - "name" : "4154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4154" + }, + { + "name": "20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101425369510983&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0878.json b/2002/0xxx/CVE-2002-0878.json index 8153a1a7f62..dce39a2054e 100644 --- a/2002/0xxx/CVE-2002-0878.json +++ b/2002/0xxx/CVE-2002-0878.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020604 sql injection in Logisense software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0010.html" - }, - { - "name" : "4931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4931" - }, - { - "name" : "logisense-sql-injection(9268)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9268.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020604 sql injection in Logisense software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0010.html" + }, + { + "name": "logisense-sql-injection(9268)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9268.php" + }, + { + "name": "4931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4931" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1214.json b/2002/1xxx/CVE-2002-1214.json index d319b2e36ea..9ff8a95f8ba 100644 --- a/2002/1xxx/CVE-2002-1214.json +++ b/2002/1xxx/CVE-2002-1214.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020926 Microsoft PPTP Server and Client remote vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/293146" - }, - { - "name" : "MS02-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-063" - }, - { - "name" : "win-pptp-packet-bo (10199)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10199.php" - }, - { - "name" : "5807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5807" + }, + { + "name": "win-pptp-packet-bo (10199)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10199.php" + }, + { + "name": "MS02-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-063" + }, + { + "name": "20020926 Microsoft PPTP Server and Client remote vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/293146" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1302.json b/2002/1xxx/CVE-2002-1302.json index 6e3fa4c77b5..caa504e375c 100644 --- a/2002/1xxx/CVE-2002-1302.json +++ b/2002/1xxx/CVE-2002-1302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1302", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-1302", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1875.json b/2002/1xxx/CVE-2002-1875.json index f9f014b0399..8e993a43dfc 100644 --- a/2002/1xxx/CVE-2002-1875.json +++ b/2002/1xxx/CVE-2002-1875.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020710 Entercept Agent Password Exposure", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-07/0010.html" - }, - { - "name" : "5206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5206" - }, - { - "name" : "entercept-agent-password-exposure(9546)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9546.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020710 Entercept Agent Password Exposure", + "refsource": "NTBUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-07/0010.html" + }, + { + "name": "5206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5206" + }, + { + "name": "entercept-agent-password-exposure(9546)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9546.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2012.json b/2002/2xxx/CVE-2002-2012.json index b9f1ad94a64..c16d5aa5c21 100644 --- a/2002/2xxx/CVE-2002-2012.json +++ b/2002/2xxx/CVE-2002-2012.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause \"unexpected results\" via an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBTL0201-010", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/3761" - }, - { - "name" : "3796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3796" - }, - { - "name" : "apache-http-unexpected-behavior(7810)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7810.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause \"unexpected results\" via an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBTL0201-010", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/3761" + }, + { + "name": "3796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3796" + }, + { + "name": "apache-http-unexpected-behavior(7810)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7810.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2219.json b/2002/2xxx/CVE-2002-2219.json index 852d52c1b92..f0c20a6317e 100644 --- a/2002/2xxx/CVE-2002-2219.json +++ b/2002/2xxx/CVE-2002-2219.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/6C00N0K6AO.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6C00N0K6AO.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649" - }, - { - "name" : "6472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6472" - }, - { - "name" : "1005847", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005847" - }, - { - "name" : "chetcpasswd-shadow-file-disclosure(10946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649" + }, + { + "name": "chetcpasswd-shadow-file-disclosure(10946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10946" + }, + { + "name": "http://www.securiteam.com/unixfocus/6C00N0K6AO.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6C00N0K6AO.html" + }, + { + "name": "1005847", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005847" + }, + { + "name": "6472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6472" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0013.json b/2003/0xxx/CVE-2003-0013.json index 97b602373e5..6534d39aeed 100644 --- a/2003/0xxx/CVE-2003-0013.json +++ b/2003/0xxx/CVE-2003-0013.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030102 [BUGZILLA] Security Advisory - remote database password disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104154319200399&w=2" - }, - { - "name" : "DSA-230", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-230" - }, - { - "name" : "6501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6501" - }, - { - "name" : "bugzilla-htaccess-database-password(10970)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10970.php" - }, - { - "name" : "6351", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6351", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6351" + }, + { + "name": "6501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6501" + }, + { + "name": "bugzilla-htaccess-database-password(10970)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10970.php" + }, + { + "name": "20030102 [BUGZILLA] Security Advisory - remote database password disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104154319200399&w=2" + }, + { + "name": "DSA-230", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-230" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0053.json b/2003/0xxx/CVE-2003-0053.json index 8193da7d387..d820db85e0f 100644 --- a/2003/0xxx/CVE-2003-0053.json +++ b/2003/0xxx/CVE-2003-0053.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2" - }, - { - "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" - }, - { - "name" : "6958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6958" - }, - { - "name" : "quicktime-darwin-parsexml-xss(11404)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11404.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" + }, + { + "name": "6958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6958" + }, + { + "name": "quicktime-darwin-parsexml-xss(11404)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11404.php" + }, + { + "name": "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104618904330226&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0099.json b/2003/0xxx/CVE-2003-0099.json index 9682449188d..e05fc756ffc 100644 --- a/2003/0xxx/CVE-2003-0099.json +++ b/2003/0xxx/CVE-2003-0099.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=137900", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=137900" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=137892", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=137892" - }, - { - "name" : "CSSA-2003-015.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt" - }, - { - "name" : "MDKSA-2003:018", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018" - }, - { - "name" : "SuSE-SA:2003:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html" - }, - { - "name" : "DSA-277", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-277" - }, - { - "name" : "7200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7200" - }, - { - "name" : "1006108", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1006108" - }, - { - "name" : "apcupsd-vsprintf-multiple-bo(11491)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11491.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=137900", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=137900" + }, + { + "name": "1006108", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1006108" + }, + { + "name": "MDKSA-2003:018", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018" + }, + { + "name": "apcupsd-vsprintf-multiple-bo(11491)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11491.php" + }, + { + "name": "7200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7200" + }, + { + "name": "SuSE-SA:2003:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=137892", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=137892" + }, + { + "name": "DSA-277", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-277" + }, + { + "name": "CSSA-2003-015.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5000.json b/2009/5xxx/CVE-2009-5000.json index 2dc45904e82..67206af8d81 100644 --- a/2009/5xxx/CVE-2009-5000.json +++ b/2009/5xxx/CVE-2009-5000.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" - }, - { - "name" : "PJ35679", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PJ35679", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35679" + }, + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0190.json b/2012/0xxx/CVE-2012-0190.json index 2fc04c35eec..6cccc6fbf81 100644 --- a/2012/0xxx/CVE-2012-0190.json +++ b/2012/0xxx/CVE-2012-0190.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21577956", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21577956" - }, - { - "name" : "47565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47565" - }, - { - "name" : "spss-wxporthtml-activex-code-execution(72121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47565" + }, + { + "name": "spss-wxporthtml-activex-code-execution(72121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72121" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21577956", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21577956" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0366.json b/2012/0xxx/CVE-2012-0366.json index 4e4dc9395b9..bd451920e7b 100644 --- a/2012/0xxx/CVE-2012-0366.json +++ b/2012/0xxx/CVE-2012-0366.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Multiple Vulnerabilities in Cisco Unity Connection", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120229 Multiple Vulnerabilities in Cisco Unity Connection", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0518.json b/2012/0xxx/CVE-2012-0518.json index f0872338f4e..fdef0076d4c 100644 --- a/2012/0xxx/CVE-2012-0518.json +++ b/2012/0xxx/CVE-2012-0518.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0585.json b/2012/0xxx/CVE-2012-0585.json index 2fe45efd394..bb1a6f14106 100644 --- a/2012/0xxx/CVE-2012-0585.json +++ b/2012/0xxx/CVE-2012-0585.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "79964", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79964" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "appleios-browsing-sec-bypass(73871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "79964", + "refsource": "OSVDB", + "url": "http://osvdb.org/79964" + }, + { + "name": "appleios-browsing-sec-bypass(73871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0913.json b/2012/0xxx/CVE-2012-0913.json index 35b6de72df5..e4d2edbd5d2 100644 --- a/2012/0xxx/CVE-2012-0913.json +++ b/2012/0xxx/CVE-2012-0913.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18394", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18394" - }, - { - "name" : "51589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51589" - }, - { - "name" : "78444", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78444" - }, - { - "name" : "47660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47660" - }, - { - "name" : "ictimeattendance-passw-sql-injection(72569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78444", + "refsource": "OSVDB", + "url": "http://osvdb.org/78444" + }, + { + "name": "18394", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18394" + }, + { + "name": "47660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47660" + }, + { + "name": "51589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51589" + }, + { + "name": "ictimeattendance-passw-sql-injection(72569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72569" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1063.json b/2012/1xxx/CVE-2012-1063.json index e60ab6fc606..5c38c64a32f 100644 --- a/2012/1xxx/CVE-2012-1063.json +++ b/2012/1xxx/CVE-2012-1063.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/109238/VL-115.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/109238/VL-115.txt" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=115", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=115" - }, - { - "name" : "51796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51796" - }, - { - "name" : "meapplication-multiple-sql-injection(72831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=115", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=115" + }, + { + "name": "http://packetstormsecurity.org/files/view/109238/VL-115.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt" + }, + { + "name": "meapplication-multiple-sql-injection(72831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72831" + }, + { + "name": "51796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51796" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1419.json b/2012/1xxx/CVE-2012-1419.json index c847231ae1d..d5d6631e301 100644 --- a/2012/1xxx/CVE-2012-1419.json +++ b/2012/1xxx/CVE-2012-1419.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52572" - }, - { - "name" : "80409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "52572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52572" + }, + { + "name": "80409", + "refsource": "OSVDB", + "url": "http://osvdb.org/80409" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3427.json b/2012/3xxx/CVE-2012-3427.json index dfe591709e5..d17259386bb 100644 --- a/2012/3xxx/CVE-2012-3427.json +++ b/2012/3xxx/CVE-2012-3427.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:1376", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1376.html" - }, - { - "name" : "55945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55945" - }, - { - "name" : "86409", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/86409" - }, - { - "name" : "51016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51016" - }, - { - "name" : "jbosseap-info-disc(79398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1376", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1376.html" + }, + { + "name": "55945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55945" + }, + { + "name": "51016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51016" + }, + { + "name": "jbosseap-info-disc(79398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79398" + }, + { + "name": "86409", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/86409" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3555.json b/2012/3xxx/CVE-2012-3555.json index 57abd1356be..19d8e1e9c8c 100644 --- a/2012/3xxx/CVE-2012-3555.json +++ b/2012/3xxx/CVE-2012-3555.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a \"hidden keyboard navigation\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1165/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1165/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1200/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1200/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1200/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1021/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a \"hidden keyboard navigation\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/unix/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1200/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1165/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1165/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1200/" + }, + { + "name": "http://www.opera.com/support/kb/view/1021/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1021/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1200/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3887.json b/2012/3xxx/CVE-2012-3887.json index cc5aa103c86..927578ab383 100644 --- a/2012/3xxx/CVE-2012-3887.json +++ b/2012/3xxx/CVE-2012-3887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an \"Encrypted Transmission\" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120712 security advisory: AirDroid 1.0.4 beta", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html" - }, - { - "name" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt", - "refsource" : "MISC", - "url" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an \"Encrypted Transmission\" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120712 security advisory: AirDroid 1.0.4 beta", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html" + }, + { + "name": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt", + "refsource": "MISC", + "url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4156.json b/2012/4xxx/CVE-2012-4156.json index fc44caca5c3..67d81bcd43d 100644 --- a/2012/4xxx/CVE-2012-4156.json +++ b/2012/4xxx/CVE-2012-4156.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "oval:org.mitre.oval:def:16169", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16169", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16169" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4386.json b/2012/4xxx/CVE-2012-4386.json index fd25306921b..07ce46d49d8 100644 --- a/2012/4xxx/CVE-2012-4386.json +++ b/2012/4xxx/CVE-2012-4386.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/01/4" - }, - { - "name" : "[oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/01/5" - }, - { - "name" : "http://struts.apache.org/2.x/docs/s2-010.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/2.x/docs/s2-010.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/WW-3858", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/WW-3858" - }, - { - "name" : "55346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55346" - }, - { - "name" : "50420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50420" - }, - { - "name" : "apache-struts-csrf(78182)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/WW-3858", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/WW-3858" + }, + { + "name": "apache-struts-csrf(78182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182" + }, + { + "name": "[oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/01/5" + }, + { + "name": "50420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50420" + }, + { + "name": "55346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55346" + }, + { + "name": "http://struts.apache.org/2.x/docs/s2-010.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/2.x/docs/s2-010.html" + }, + { + "name": "[oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/01/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4852.json b/2012/4xxx/CVE-2012-4852.json index 08c9e6b8925..04f77b26f42 100644 --- a/2012/4xxx/CVE-2012-4852.json +++ b/2012/4xxx/CVE-2012-4852.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4852", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4852", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2166.json b/2017/2xxx/CVE-2017-2166.json index 613ff0d0aff..c85a4990be8 100644 --- a/2017/2xxx/CVE-2017-2166.json +++ b/2017/2xxx/CVE-2017-2166.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GroupSession", - "version" : { - "version_data" : [ - { - "version_value" : "version 4.7.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Japan Total System Co.,Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Open Redirect" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GroupSession", + "version": { + "version_data": [ + { + "version_value": "version 4.7.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Japan Total System Co.,Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#26200083", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN26200083/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#26200083", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN26200083/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2558.json b/2017/2xxx/CVE-2017-2558.json index efc65bc933a..87280770c7e 100644 --- a/2017/2xxx/CVE-2017-2558.json +++ b/2017/2xxx/CVE-2017-2558.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2558", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2558", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2709.json b/2017/2xxx/CVE-2017-2709.json index f731f624b91..00c29be83bb 100644 --- a/2017/2xxx/CVE-2017-2709.json +++ b/2017/2xxx/CVE-2017-2709.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HiGame, SkyTone", - "version" : { - "version_data" : [ - { - "version_value" : "HiGame Earlier than 7.3.0 versions, SkyTone Earlier than 8.1.1 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HiGame, SkyTone", + "version": { + "version_data": [ + { + "version_value": "HiGame Earlier than 7.3.0 versions, SkyTone Earlier than 8.1.1 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2785.json b/2017/2xxx/CVE-2017-2785.json index 20edeb82a73..1786e94c057 100644 --- a/2017/2xxx/CVE-2017-2785.json +++ b/2017/2xxx/CVE-2017-2785.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PopUp Printer Client", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Pharos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PopUp Printer Client", + "version": { + "version_data": [ + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "Pharos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2017-0280/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2017-0280/" - }, - { - "name" : "96742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2017-0280/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2017-0280/" + }, + { + "name": "96742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96742" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3600.json b/2017/3xxx/CVE-2017-3600.json index fd35328a177..753d856c09f 100644 --- a/2017/3xxx/CVE-2017-3600.json +++ b/2017/3xxx/CVE-2017-3600.json @@ -1,111 +1,111 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.54 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.6.35 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.54 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.6.35 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3834", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3834" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2016:2927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2927.html" - }, - { - "name" : "RHSA-2016:2928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2928.html" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "97765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97765" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2016:2927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html" + }, + { + "name": "DSA-3834", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3834" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "97765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97765" + }, + { + "name": "RHSA-2016:2928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6142.json b/2017/6xxx/CVE-2017-6142.json index eb955e8e446..0d89abaebc6 100644 --- a/2017/6xxx/CVE-2017-6142.json +++ b/2017/6xxx/CVE-2017-6142.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-01-18T00:00:00", - "ID" : "CVE-2017-6142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP AFM", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.0 - 12.1.2" - }, - { - "version_value" : "11.6.0 - 11.6.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X509 certificate verification was not correctly implemented in the early access \"user id\" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Failed certificate validation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-01-18T00:00:00", + "ID": "CVE-2017-6142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP AFM", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.0 - 12.1.2" + }, + { + "version_value": "11.6.0 - 11.6.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K20682450", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K20682450" - }, - { - "name" : "1040255", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X509 certificate verification was not correctly implemented in the early access \"user id\" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Failed certificate validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K20682450", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K20682450" + }, + { + "name": "1040255", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040255" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6370.json b/2017/6xxx/CVE-2017-6370.json index e94ac9f7077..39b45cb8f39 100644 --- a/2017/6xxx/CVE-2017-6370.json +++ b/2017/6xxx/CVE-2017-6370.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request", - "refsource" : "MISC", - "url" : "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request" - }, - { - "name" : "97071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97071" + }, + { + "name": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request", + "refsource": "MISC", + "url": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6499.json b/2017/6xxx/CVE-2017-6499.json index 71f85a99753..32956644b09 100644 --- a/2017/6xxx/CVE-2017-6499.json +++ b/2017/6xxx/CVE-2017-6499.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/856880", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/856880" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543" - }, - { - "name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634", - "refsource" : "CONFIRM", - "url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634" - }, - { - "name" : "DSA-3808", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3808" - }, - { - "name" : "96590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634", + "refsource": "CONFIRM", + "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634" + }, + { + "name": "96590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96590" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543" + }, + { + "name": "DSA-3808", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3808" + }, + { + "name": "https://bugs.debian.org/856880", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/856880" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6988.json b/2017/6xxx/CVE-2017-6988.json index 0e8846affaf..2da7af58211 100644 --- a/2017/6xxx/CVE-2017-6988.json +++ b/2017/6xxx/CVE-2017-6988.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"802.1X\" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"802.1X\" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7256.json b/2017/7xxx/CVE-2017-7256.json index 3f24dbc73e0..ef590957442 100644 --- a/2017/7xxx/CVE-2017-7256.json +++ b/2017/7xxx/CVE-2017-7256.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in the CMS Made Simple (CMSMS) 2.1.6 \"Content-->News-->Add Article\" feature via the m1_summary parameter. Someone must login to conduct the attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.03i0.com/index.php/archives/113/", - "refsource" : "MISC", - "url" : "http://www.03i0.com/index.php/archives/113/" - }, - { - "name" : "97204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in the CMS Made Simple (CMSMS) 2.1.6 \"Content-->News-->Add Article\" feature via the m1_summary parameter. Someone must login to conduct the attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.03i0.com/index.php/archives/113/", + "refsource": "MISC", + "url": "http://www.03i0.com/index.php/archives/113/" + }, + { + "name": "97204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97204" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7756.json b/2017/7xxx/CVE-2017-7756.json index 93e7d0e1696..b9ca38ce023 100644 --- a/2017/7xxx/CVE-2017-7756.json +++ b/2017/7xxx/CVE-2017-7756.json @@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free and use-after-scope logging XHR header errors" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1366595", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1366595" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" - }, - { - "name" : "DSA-3881", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3881" - }, - { - "name" : "DSA-3918", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3918" - }, - { - "name" : "RHSA-2017:1440", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1440" - }, - { - "name" : "RHSA-2017:1561", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1561" - }, - { - "name" : "99057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99057" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free and use-after-scope logging XHR header errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99057" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366595", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366595" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "DSA-3918", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3918" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "DSA-3881", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3881" + }, + { + "name": "RHSA-2017:1440", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1440" + }, + { + "name": "RHSA-2017:1561", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1561" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7829.json b/2017/7xxx/CVE-2017-7829.json index 2fd0aca41c8..da18daf065f 100644 --- a/2017/7xxx/CVE-2017-7829.json +++ b/2017/7xxx/CVE-2017-7829.json @@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Mailsploit part 1: From address with encoded null character is cut off in message header display" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.5.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-30/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-30/" - }, - { - "name" : "DSA-4075", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4075" - }, - { - "name" : "RHSA-2018:0061", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0061" - }, - { - "name" : "USN-3529-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3529-1/" - }, - { - "name" : "102258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102258" - }, - { - "name" : "1040123", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Mailsploit part 1: From address with encoded null character is cut off in message header display" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html" + }, + { + "name": "USN-3529-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3529-1/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432" + }, + { + "name": "102258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102258" + }, + { + "name": "1040123", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040123" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-30/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/" + }, + { + "name": "DSA-4075", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4075" + }, + { + "name": "RHSA-2018:0061", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0061" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7971.json b/2017/7xxx/CVE-2017-7971.json index c70adb14e55..91d7e91eeb9 100644 --- a/2017/7xxx/CVE-2017-7971.json +++ b/2017/7xxx/CVE-2017-7971.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2017-06-22T00:00:00", - "ID" : "CVE-2017-7971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PowerSCADA Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2" - } - ] - } - }, - { - "product_name" : "Citect Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validaiton of Certificate Expiration" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2017-06-22T00:00:00", + "ID": "CVE-2017-7971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerSCADA Anywhere", + "version": { + "version_data": [ + { + "version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2" + } + ] + } + }, + { + "product_name": "Citect Anywhere", + "version": { + "version_data": [ + { + "version_value": "version 1.0" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/", - "refsource" : "CONFIRM", - "url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/" - }, - { - "name" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere", - "refsource" : "CONFIRM", - "url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere" - }, - { - "name" : "99913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validaiton of Certificate Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99913" + }, + { + "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere", + "refsource": "CONFIRM", + "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere" + }, + { + "name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/", + "refsource": "CONFIRM", + "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10004.json b/2018/10xxx/CVE-2018-10004.json index ea2ce38f225..8c4f000b6a2 100644 --- a/2018/10xxx/CVE-2018-10004.json +++ b/2018/10xxx/CVE-2018-10004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10004", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10004", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10775.json b/2018/10xxx/CVE-2018-10775.json index 28d39a43276..4721fcab7d5 100644 --- a/2018/10xxx/CVE-2018-10775.json +++ b/2018/10xxx/CVE-2018-10775.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drive.google.com/drive/u/1/folders/1qtq272m7jJaEUPGFLvyXmIl5zNJv7rd1", - "refsource" : "MISC", - "url" : "https://drive.google.com/drive/u/1/folders/1qtq272m7jJaEUPGFLvyXmIl5zNJv7rd1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/drive/u/1/folders/1qtq272m7jJaEUPGFLvyXmIl5zNJv7rd1", + "refsource": "MISC", + "url": "https://drive.google.com/drive/u/1/folders/1qtq272m7jJaEUPGFLvyXmIl5zNJv7rd1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10853.json b/2018/10xxx/CVE-2018-10853.json index fb4368069a2..41e255480a0 100644 --- a/2018/10xxx/CVE-2018-10853.json +++ b/2018/10xxx/CVE-2018-10853.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "4.18" - } - ] - } - } - ] - }, - "vendor_name" : "Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-250" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "4.18" + } + ] + } + } + ] + }, + "vendor_name": "Linux" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" - }, - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "https://www.openwall.com/lists/oss-security/2018/09/02/1", - "refsource" : "MISC", - "url" : "https://www.openwall.com/lists/oss-security/2018/09/02/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6" - }, - { - "name" : "USN-3777-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-1/" - }, - { - "name" : "USN-3777-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853" + }, + { + "name": "USN-3777-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-1/" + }, + { + "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "USN-3777-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-2/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6" + }, + { + "name": "https://www.openwall.com/lists/oss-security/2018/09/02/1", + "refsource": "MISC", + "url": "https://www.openwall.com/lists/oss-security/2018/09/02/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14223.json b/2018/14xxx/CVE-2018-14223.json index 36a0eb8f765..1ed76d3eafa 100644 --- a/2018/14xxx/CVE-2018-14223.json +++ b/2018/14xxx/CVE-2018-14223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14223", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14223", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14233.json b/2018/14xxx/CVE-2018-14233.json index 9fbd10d2c68..74bf67f012a 100644 --- a/2018/14xxx/CVE-2018-14233.json +++ b/2018/14xxx/CVE-2018-14233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14544.json b/2018/14xxx/CVE-2018-14544.json index 30f2439ef89..f3d31272996 100644 --- a/2018/14xxx/CVE-2018-14544.json +++ b/2018/14xxx/CVE-2018-14544.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/291", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/291", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/291" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14739.json b/2018/14xxx/CVE-2018-14739.json index da92c4e714e..d35b182f6e3 100644 --- a/2018/14xxx/CVE-2018-14739.json +++ b/2018/14xxx/CVE-2018-14739.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407323971", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407323971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407323971", + "refsource": "MISC", + "url": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407323971" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14814.json b/2018/14xxx/CVE-2018-14814.json index 6e40374e840..da4234a3a20 100644 --- a/2018/14xxx/CVE-2018-14814.json +++ b/2018/14xxx/CVE-2018-14814.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14814", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14814", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14978.json b/2018/14xxx/CVE-2018-14978.json index 7d64f0c7af6..d342325c00f 100644 --- a/2018/14xxx/CVE-2018-14978.json +++ b/2018/14xxx/CVE-2018-14978.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/QCMS/blob/master/CSRF", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/QCMS/blob/master/CSRF" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/QCMS/blob/master/CSRF", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/QCMS/blob/master/CSRF" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20165.json b/2018/20xxx/CVE-2018-20165.json index 3377f4a7136..724aa3c9506 100644 --- a/2018/20xxx/CVE-2018-20165.json +++ b/2018/20xxx/CVE-2018-20165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20226.json b/2018/20xxx/CVE-2018-20226.json index 2d0b14ef3a5..f70cbb77b11 100644 --- a/2018/20xxx/CVE-2018-20226.json +++ b/2018/20xxx/CVE-2018-20226.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md" - }, - { - "name" : "https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a", - "refsource" : "CONFIRM", - "url" : "https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a" - }, - { - "name" : "https://github.com/TheHive-Project/Cortex/issues/158", - "refsource" : "CONFIRM", - "url" : "https://github.com/TheHive-Project/Cortex/issues/158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a", + "refsource": "CONFIRM", + "url": "https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a" + }, + { + "name": "https://github.com/TheHive-Project/Cortex/issues/158", + "refsource": "CONFIRM", + "url": "https://github.com/TheHive-Project/Cortex/issues/158" + }, + { + "name": "https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20319.json b/2018/20xxx/CVE-2018-20319.json index a9cce68af92..0bdc6048bfd 100644 --- a/2018/20xxx/CVE-2018-20319.json +++ b/2018/20xxx/CVE-2018-20319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9174.json b/2018/9xxx/CVE-2018-9174.json index dada6e8bf63..d206f63560a 100644 --- a/2018/9xxx/CVE-2018-9174.json +++ b/2018/9xxx/CVE-2018-9174.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xz.aliyun.com/t/2237", - "refsource" : "MISC", - "url" : "https://xz.aliyun.com/t/2237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xz.aliyun.com/t/2237", + "refsource": "MISC", + "url": "https://xz.aliyun.com/t/2237" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9659.json b/2018/9xxx/CVE-2018-9659.json index a45e3a6ec95..248e922acea 100644 --- a/2018/9xxx/CVE-2018-9659.json +++ b/2018/9xxx/CVE-2018-9659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9659", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9659", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9900.json b/2018/9xxx/CVE-2018-9900.json index ed355ef24fe..e4955ec4539 100644 --- a/2018/9xxx/CVE-2018-9900.json +++ b/2018/9xxx/CVE-2018-9900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9981.json b/2018/9xxx/CVE-2018-9981.json index 8ee0fa361aa..62663c0f0a6 100644 --- a/2018/9xxx/CVE-2018-9981.json +++ b/2018/9xxx/CVE-2018-9981.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-824-Access of Uninitialized Pointer" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-379", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-379" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824-Access of Uninitialized Pointer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-379", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-379" + } + ] + } +} \ No newline at end of file