diff --git a/2002/0xxx/CVE-2002-0106.json b/2002/0xxx/CVE-2002-0106.json index e6b5d59653e..7395d434b36 100644 --- a/2002/0xxx/CVE-2002-0106.json +++ b/2002/0xxx/CVE-2002-0106.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020108 KPMG-2002003: Bea Weblogic DOS-device Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101050440629269&w=2" - }, - { - "name" : "3816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3816" - }, - { - "name" : "weblogic-dos-jsp-dos(7808)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7808.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblogic-dos-jsp-dos(7808)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7808.php" + }, + { + "name": "20020108 KPMG-2002003: Bea Weblogic DOS-device Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101050440629269&w=2" + }, + { + "name": "3816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3816" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0970.json b/2002/0xxx/CVE-2002-0970.json index 51a3ff99ad9..09c6c50f028 100644 --- a/2002/0xxx/CVE-2002-0970.json +++ b/2002/0xxx/CVE-2002-0970.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020812 Re: IE SSL Vulnerability (Konqueror affected too)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102918241005893&w=2" - }, - { - "name" : "20020818 KDE Security Advisory: Konqueror SSL vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20020818-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20020818-1.txt" - }, - { - "name" : "DSA-155", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-155" - }, - { - "name" : "MDKSA-2002:058", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058" - }, - { - "name" : "CSSA-2002-047.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt" - }, - { - "name" : "CLA-2002:519", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519" - }, - { - "name" : "RHSA-2002:220", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" - }, - { - "name" : "RHSA-2002:221", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-221.html" - }, - { - "name" : "ssl-ca-certificate-spoofing(9776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9776" - }, - { - "name" : "5410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ssl-ca-certificate-spoofing(9776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9776" + }, + { + "name": "RHSA-2002:220", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html" + }, + { + "name": "5410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5410" + }, + { + "name": "http://www.kde.org/info/security/advisory-20020818-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20020818-1.txt" + }, + { + "name": "20020812 Re: IE SSL Vulnerability (Konqueror affected too)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102918241005893&w=2" + }, + { + "name": "CLA-2002:519", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519" + }, + { + "name": "RHSA-2002:221", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-221.html" + }, + { + "name": "20020818 KDE Security Advisory: Konqueror SSL vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html" + }, + { + "name": "DSA-155", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-155" + }, + { + "name": "MDKSA-2002:058", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058" + }, + { + "name": "CSSA-2002-047.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1936.json b/2002/1xxx/CVE-2002-1936.json index 0b29b42dad9..ec72eeff026 100644 --- a/2002/1xxx/CVE-2002-1936.json +++ b/2002/1xxx/CVE-2002-1936.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of \"*field\", (2) guru account with a password of \"*3noguru\", (3) snmp account with a password of \"snmp\", or (4) dbase account with a password of \"dbase\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020823 UTStarcom B-NAS 1000 / B-RAS 1000 Major Security Flaw", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/288866" - }, - { - "name" : "5564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5564" - }, - { - "name" : "utstarcom-bas-default-accounts(9951)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9951.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of \"*field\", (2) guru account with a password of \"*3noguru\", (3) snmp account with a password of \"snmp\", or (4) dbase account with a password of \"dbase\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5564" + }, + { + "name": "utstarcom-bas-default-accounts(9951)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9951.php" + }, + { + "name": "20020823 UTStarcom B-NAS 1000 / B-RAS 1000 Major Security Flaw", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/288866" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0316.json b/2003/0xxx/CVE-2003-0316.json index 39b7256acd1..329062373c0 100644 --- a/2003/0xxx/CVE-2003-0316.json +++ b/2003/0xxx/CVE-2003-0316.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030516 Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0188.html" - }, - { - "name" : "http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm", - "refsource" : "MISC", - "url" : "http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030516 Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0188.html" + }, + { + "name": "http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm", + "refsource": "MISC", + "url": "http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0371.json b/2003/0xxx/CVE-2003-0371.json index 1497fefce0f..341a27edb80 100644 --- a/2003/0xxx/CVE-2003-0371.json +++ b/2003/0xxx/CVE-2003-0371.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030522 Prishtina FTP v.1.*: remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105370592729044&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030522 Prishtina FTP v.1.*: remote DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105370592729044&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0757.json b/2003/0xxx/CVE-2003-0757.json index d59b76be2b9..4f2952a5839 100644 --- a/2003/0xxx/CVE-2003-0757.json +++ b/2003/0xxx/CVE-2003-0757.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030902 IRM 007: The IP addresses of Check Point Firewall-1 internal interfaces may be enumerated using SecuRemote", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030902 IRM 007: The IP addresses of Check Point Firewall-1 internal interfaces may be enumerated using SecuRemote", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1004.json b/2003/1xxx/CVE-2003-1004.json index 51a42c9706b..66645b3bcd2 100644 --- a/2003/1xxx/CVE-2003-1004.json +++ b/2003/1xxx/CVE-2003-1004.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031215 Cisco PIX Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031215 Cisco PIX Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1391.json b/2003/1xxx/CVE-2003-1391.json index 2100796d336..41217ab1210 100644 --- a/2003/1xxx/CVE-2003-1391.json +++ b/2003/1xxx/CVE-2003-1391.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/311176" - }, - { - "name" : "6810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6810" - }, - { - "name" : "cryptobuddy-password-dictionary(11298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cryptobuddy-password-dictionary(11298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11298" + }, + { + "name": "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/311176" + }, + { + "name": "6810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6810" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2685.json b/2004/2xxx/CVE-2004-2685.json index 29a25bc1e40..f1cc97b4721 100644 --- a/2004/2xxx/CVE-2004-2685.json +++ b/2004/2xxx/CVE-2004-2685.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4360", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4360" - }, - { - "name" : "621", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/621" - }, - { - "name" : "http://www.youngzsoft.net/ccproxy/whatsnew.htm", - "refsource" : "MISC", - "url" : "http://www.youngzsoft.net/ccproxy/whatsnew.htm" - }, - { - "name" : "13085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "621", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/621" + }, + { + "name": "4360", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4360" + }, + { + "name": "13085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13085" + }, + { + "name": "http://www.youngzsoft.net/ccproxy/whatsnew.htm", + "refsource": "MISC", + "url": "http://www.youngzsoft.net/ccproxy/whatsnew.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0120.json b/2012/0xxx/CVE-2012-0120.json index bb593a29c67..fe5639139ad 100644 --- a/2012/0xxx/CVE-2012-0120.json +++ b/2012/0xxx/CVE-2012-0120.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687" - }, - { - "name" : "DSA-2429", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2429" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - }, - { - "name" : "48250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "48250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48250" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687" + }, + { + "name": "DSA-2429", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2429" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0234.json b/2012/0xxx/CVE-2012-0234.json index dcc6c27b38c..958786c6341 100644 --- a/2012/0xxx/CVE-2012-0234.json +++ b/2012/0xxx/CVE-2012-0234.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - }, - { - "name" : "52051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + }, + { + "name": "52051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52051" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0304.json b/2012/0xxx/CVE-2012-0304.json index 556c42a90d3..071f040e4bc 100644 --- a/2012/0xxx/CVE-2012-0304.json +++ b/2012/0xxx/CVE-2012-0304.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nessus.org/plugins/index.php?view=single&id=59193", - "refsource" : "MISC", - "url" : "http://www.nessus.org/plugins/index.php?view=single&id=59193" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00" - }, - { - "name" : "53903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53903" - }, - { - "name" : "1027182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027182" + }, + { + "name": "http://www.nessus.org/plugins/index.php?view=single&id=59193", + "refsource": "MISC", + "url": "http://www.nessus.org/plugins/index.php?view=single&id=59193" + }, + { + "name": "53903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53903" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0382.json b/2012/0xxx/CVE-2012-0382.json index 5133032014a..e9d251e9ff1 100644 --- a/2012/0xxx/CVE-2012-0382.json +++ b/2012/0xxx/CVE-2012-0382.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Cisco IOS Software Multicast Source Discovery Protocol Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp" - }, - { - "name" : "52759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52759" - }, - { - "name" : "80693", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80693" - }, - { - "name" : "1026868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026868" - }, - { - "name" : "48630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48630" - }, - { - "name" : "48633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48633" - }, - { - "name" : "ciscoios-msdp-dos(74431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026868" + }, + { + "name": "48630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48630" + }, + { + "name": "52759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52759" + }, + { + "name": "20120328 Cisco IOS Software Multicast Source Discovery Protocol Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp" + }, + { + "name": "80693", + "refsource": "OSVDB", + "url": "http://osvdb.org/80693" + }, + { + "name": "48633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48633" + }, + { + "name": "ciscoios-msdp-dos(74431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74431" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0535.json b/2012/0xxx/CVE-2012-0535.json index d6e43b9d8a9..2644e6f4af6 100644 --- a/2012/0xxx/CVE-2012-0535.json +++ b/2012/0xxx/CVE-2012-0535.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Change Password Page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53059" - }, - { - "name" : "1026936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026936" - }, - { - "name" : "48871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Change Password Page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53059" + }, + { + "name": "48871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48871" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026936" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0745.json b/2012/0xxx/CVE-2012-0745.json index 59a8a50064e..5b302469225 100644 --- a/2012/0xxx/CVE-2012-0745.json +++ b/2012/0xxx/CVE-2012-0745.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc" - }, - { - "name" : "IV18464", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV18464" - }, - { - "name" : "IV18637", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV18637" - }, - { - "name" : "IV18638", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV18638" - }, - { - "name" : "IV19077", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV19077" - }, - { - "name" : "IV19097", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV19097" - }, - { - "name" : "IV19098", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV19098" - }, - { - "name" : "53393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53393" - }, - { - "name" : "81683", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81683" - }, - { - "name" : "1027021", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027021" - }, - { - "name" : "49073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49073" - }, - { - "name" : "aix-getpwnam-privilege-escalation(74679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027021", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027021" + }, + { + "name": "IV19098", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19098" + }, + { + "name": "IV18637", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18637" + }, + { + "name": "49073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49073" + }, + { + "name": "aix-getpwnam-privilege-escalation(74679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74679" + }, + { + "name": "IV19077", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19077" + }, + { + "name": "IV19097", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19097" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc" + }, + { + "name": "IV18464", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18464" + }, + { + "name": "53393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53393" + }, + { + "name": "IV18638", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18638" + }, + { + "name": "81683", + "refsource": "OSVDB", + "url": "http://osvdb.org/81683" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0794.json b/2012/0xxx/CVE-2012-0794.json index b4af969b25d..ca5d63673f0 100644 --- a/2012/0xxx/CVE-2012-0794.json +++ b/2012/0xxx/CVE-2012-0794.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=98456628a24bba25d336860d38a45b5a4e3895da", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=98456628a24bba25d336860d38a45b5a4e3895da" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=194013", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=194013" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=783532", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=783532" - }, - { - "name" : "DSA-2421", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=194013", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=194013" + }, + { + "name": "DSA-2421", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2421" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=98456628a24bba25d336860d38a45b5a4e3895da", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=98456628a24bba25d336860d38a45b5a4e3895da" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=783532", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783532" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1143.json b/2012/1xxx/CVE-2012-1143.json index fef5867eeb7..93602159c6b 100644 --- a/2012/1xxx/CVE-2012-1143.json +++ b/2012/1xxx/CVE-2012-1143.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/16" - }, - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800606", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800606" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201204-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-04.xml" - }, - { - "name" : "MDVSA-2012:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" - }, - { - "name" : "RHSA-2012:0467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0467.html" - }, - { - "name" : "SUSE-SU-2012:0483", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" - }, - { - "name" : "SUSE-SU-2012:0521", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" - }, - { - "name" : "SUSE-SU-2012:0484", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" - }, - { - "name" : "USN-1403-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1403-1" - }, - { - "name" : "52318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52318" - }, - { - "name" : "1026765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026765" - }, - { - "name" : "48918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48918" - }, - { - "name" : "48758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48758" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "48822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48822" - }, - { - "name" : "48973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48973" - }, - { - "name" : "48797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48797" - }, - { - "name" : "48508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48797" + }, + { + "name": "48508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48508" + }, + { + "name": "48822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48822" + }, + { + "name": "MDVSA-2012:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "48758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48758" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "52318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52318" + }, + { + "name": "USN-1403-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1403-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" + }, + { + "name": "48918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48918" + }, + { + "name": "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/16" + }, + { + "name": "SUSE-SU-2012:0484", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" + }, + { + "name": "SUSE-SU-2012:0521", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=800606", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800606" + }, + { + "name": "48973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48973" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" + }, + { + "name": "RHSA-2012:0467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0467.html" + }, + { + "name": "SUSE-SU-2012:0483", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" + }, + { + "name": "1026765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026765" + }, + { + "name": "openSUSE-SU-2012:0489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "GLSA-201204-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1511.json b/2012/1xxx/CVE-2012-1511.json index adb0cc135cd..82575d10b90 100644 --- a/2012/1xxx/CVE-2012-1511.json +++ b/2012/1xxx/CVE-2012-1511.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0004.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0004.html" - }, - { - "name" : "52526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52526" - }, - { - "name" : "80118", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80118" - }, - { - "name" : "oval:org.mitre.oval:def:16664", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16664" - }, - { - "name" : "1026814", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026814" - }, - { - "name" : "48379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026814", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026814" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0004.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0004.html" + }, + { + "name": "80118", + "refsource": "OSVDB", + "url": "http://osvdb.org/80118" + }, + { + "name": "oval:org.mitre.oval:def:16664", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16664" + }, + { + "name": "48379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48379" + }, + { + "name": "20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html" + }, + { + "name": "52526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52526" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1930.json b/2012/1xxx/CVE-2012-1930.json index 59a2c0d6f0c..18fc59dc6d1 100644 --- a/2012/1xxx/CVE-2012-1930.json +++ b/2012/1xxx/CVE-2012-1930.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unix/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1162/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1015/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1015/" - }, - { - "name" : "openSUSE-SU-2012:0610", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" - }, - { - "name" : "48535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48535" - }, - { - "name" : "opera-printing-info-disclosure(74501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-printing-info-disclosure(74501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74501" + }, + { + "name": "http://www.opera.com/support/kb/view/1015/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1015/" + }, + { + "name": "openSUSE-SU-2012:0610", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1162/" + }, + { + "name": "48535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48535" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4332.json b/2012/4xxx/CVE-2012-4332.json index d02c7995143..ccd0061576a 100644 --- a/2012/4xxx/CVE-2012-4332.json +++ b/2012/4xxx/CVE-2012-4332.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/extend/plugins/shareyourcart/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/shareyourcart/changelog/" - }, - { - "name" : "53241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53241" - }, - { - "name" : "48960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48960" + }, + { + "name": "53241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53241" + }, + { + "name": "http://wordpress.org/extend/plugins/shareyourcart/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/shareyourcart/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4422.json b/2012/4xxx/CVE-2012-4422.json index 944cfeedd97..fa366e05507 100644 --- a/2012/4xxx/CVE-2012-4422.json +++ b/2012/4xxx/CVE-2012-4422.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120913 Re: CVEs for wordpress 3.4.2 release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/09/13/4" - }, - { - "name" : "http://codex.wordpress.org/Version_3.4.2", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Version_3.4.2" - }, - { - "name" : "http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120913 Re: CVEs for wordpress 3.4.2 release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/09/13/4" + }, + { + "name": "http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42" + }, + { + "name": "http://codex.wordpress.org/Version_3.4.2", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Version_3.4.2" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5162.json b/2012/5xxx/CVE-2012-5162.json index e70ab394a8a..b1af8aef869 100644 --- a/2012/5xxx/CVE-2012-5162.json +++ b/2012/5xxx/CVE-2012-5162.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass", - "refsource" : "MISC", - "url" : "http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass" - }, - { - "name" : "http://osclass.org/2012/01/16/osclass-2-3-5/", - "refsource" : "CONFIRM", - "url" : "http://osclass.org/2012/01/16/osclass-2-3-5/" - }, - { - "name" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1", - "refsource" : "CONFIRM", - "url" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1" - }, - { - "name" : "47697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47697" - }, - { - "name" : "osclass-id-sql-injection(78964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "osclass-id-sql-injection(78964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78964" + }, + { + "name": "http://osclass.org/2012/01/16/osclass-2-3-5/", + "refsource": "CONFIRM", + "url": "http://osclass.org/2012/01/16/osclass-2-3-5/" + }, + { + "name": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1", + "refsource": "CONFIRM", + "url": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1" + }, + { + "name": "47697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47697" + }, + { + "name": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass", + "refsource": "MISC", + "url": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass" + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002018.json b/2017/1002xxx/CVE-2017-1002018.json index d1230430316..0152c148989 100644 --- a/2017/1002xxx/CVE-2017-1002018.json +++ b/2017/1002xxx/CVE-2017-1002018.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-21", - "ID" : "CVE-2017-1002018", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eventr", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "1.02.2" - } - ] - } - } - ] - }, - "vendor_name" : "Binny V A" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-05-21", + "ID": "CVE-2017-1002018", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eventr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.02.2" + } + ] + } + } + ] + }, + "vendor_name": "Binny V A" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=192", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=192" - }, - { - "name" : "https://wordpress.org/plugins/eventr/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/eventr/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/eventr/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/eventr/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=192", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=192" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2316.json b/2017/2xxx/CVE-2017-2316.json index a8c8cae31d1..f4f7585bcc5 100644 --- a/2017/2xxx/CVE-2017-2316.json +++ b/2017/2xxx/CVE-2017-2316.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NorthStar Controller Application", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.1.0 Service Pack 1" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow vulnerability leading to a denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NorthStar Controller Application", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.1.0 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10783", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10783" - }, - { - "name" : "97601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow vulnerability leading to a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10783", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10783" + }, + { + "name": "97601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97601" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2629.json b/2017/2xxx/CVE-2017-2629.json index 313c948cd84..50b2f0bbec6 100644 --- a/2017/2xxx/CVE-2017-2629.json +++ b/2017/2xxx/CVE-2017-2629.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "7.53.0" - } - ] - } - } - ] - }, - "vendor_name" : "CURL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status)." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "7.53.0" + } + ] + } + } + ] + }, + "vendor_name": "CURL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2629", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2629" - }, - { - "name" : "https://curl.haxx.se/docs/adv_20170222.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20170222.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-09", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-09" - }, - { - "name" : "GLSA-201703-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201703-04" - }, - { - "name" : "96382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96382" - }, - { - "name" : "1037871", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status)." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96382" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2629", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2629" + }, + { + "name": "1037871", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037871" + }, + { + "name": "https://www.tenable.com/security/tns-2017-09", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-09" + }, + { + "name": "https://curl.haxx.se/docs/adv_20170222.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20170222.html" + }, + { + "name": "GLSA-201703-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201703-04" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3219.json b/2017/3xxx/CVE-2017-3219.json index 547c7c2fc8f..019ed0fd56b 100644 --- a/2017/3xxx/CVE-2017-3219.json +++ b/2017/3xxx/CVE-2017-3219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "True Image", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Acronis" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-311" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "True Image", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Acronis" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#489392", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/489392" - }, - { - "name" : "99128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99128" + }, + { + "name": "VU#489392", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/489392" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3791.json b/2017/3xxx/CVE-2017-3791.json index 0ba57acd30e..3fd9e054e53 100644 --- a/2017/3xxx/CVE-2017-3791.json +++ b/2017/3xxx/CVE-2017-3791.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home" - }, - { - "name" : "95933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home" + }, + { + "name": "95933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95933" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6087.json b/2017/6xxx/CVE-2017-6087.json index 55c7689e5c6..c0b0e90d374 100644 --- a/2017/6xxx/CVE-2017-6087.json +++ b/2017/6xxx/CVE-2017-6087.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EyesOfNetwork (\"EON\") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41746", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41746/" - }, - { - "name" : "[oss-security] 20170323 [CVE-2017-6087] EON 5.0 Remote Code Execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/23/5" - }, - { - "name" : "https://sysdream.com/news/lab/2017-03-14-cve-2017-6087-eon-5-0-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2017-03-14-cve-2017-6087-eon-5-0-remote-code-execution/" - }, - { - "name" : "https://github.com/EyesOfNetworkCommunity/eonweb/commit/196729cc045ef93ceeddd1de505a1de8f9cdf74d", - "refsource" : "CONFIRM", - "url" : "https://github.com/EyesOfNetworkCommunity/eonweb/commit/196729cc045ef93ceeddd1de505a1de8f9cdf74d" - }, - { - "name" : "97109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EyesOfNetwork (\"EON\") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170323 [CVE-2017-6087] EON 5.0 Remote Code Execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/23/5" + }, + { + "name": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/196729cc045ef93ceeddd1de505a1de8f9cdf74d", + "refsource": "CONFIRM", + "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/196729cc045ef93ceeddd1de505a1de8f9cdf74d" + }, + { + "name": "41746", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41746/" + }, + { + "name": "https://sysdream.com/news/lab/2017-03-14-cve-2017-6087-eon-5-0-remote-code-execution/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2017-03-14-cve-2017-6087-eon-5-0-remote-code-execution/" + }, + { + "name": "97109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97109" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6514.json b/2017/6xxx/CVE-2017-6514.json index f70f474180c..e40ed01fda4 100644 --- a/2017/6xxx/CVE-2017-6514.json +++ b/2017/6xxx/CVE-2017-6514.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6686.json b/2017/6xxx/CVE-2017-6686.json index 73556b67eab..f0e7800e3f2 100644 --- a/2017/6xxx/CVE-2017-6686.json +++ b/2017/6xxx/CVE-2017-6686.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Ultra Services Framework Element Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Ultra Services Framework Element Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Default Credentials Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Ultra Services Framework Element Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Ultra Services Framework Element Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4" - }, - { - "name" : "98988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Default Credentials Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4" + }, + { + "name": "98988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98988" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6804.json b/2017/6xxx/CVE-2017-6804.json index fdda93ad67e..2e28a0c0e93 100644 --- a/2017/6xxx/CVE-2017-6804.json +++ b/2017/6xxx/CVE-2017-6804.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6804", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6804", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6882.json b/2017/6xxx/CVE-2017-6882.json index 87ee53dcfa8..c2c79ea9601 100644 --- a/2017/6xxx/CVE-2017-6882.json +++ b/2017/6xxx/CVE-2017-6882.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6882", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6882", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7180.json b/2017/7xxx/CVE-2017-7180.json index 9b3fabc25e6..509f87b36ab 100644 --- a/2017/7xxx/CVE-2017-7180.json +++ b/2017/7xxx/CVE-2017-7180.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented \"Block applications\" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42141", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42141/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented \"Block applications\" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42141", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42141/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7410.json b/2017/7xxx/CVE-2017-7410.json index 484a161d281..a75461d3030 100644 --- a/2017/7xxx/CVE-2017-7410.json +++ b/2017/7xxx/CVE-2017-7410.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.websitebaker.org/index.php/topic,30187.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.websitebaker.org/index.php/topic,30187.0.html" - }, - { - "name" : "http://project.websitebaker.org/issues/39", - "refsource" : "CONFIRM", - "url" : "http://project.websitebaker.org/issues/39" - }, - { - "name" : "97495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97495" - }, - { - "name" : "1038173", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://project.websitebaker.org/issues/39", + "refsource": "CONFIRM", + "url": "http://project.websitebaker.org/issues/39" + }, + { + "name": "1038173", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038173" + }, + { + "name": "97495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97495" + }, + { + "name": "http://forum.websitebaker.org/index.php/topic,30187.0.html", + "refsource": "CONFIRM", + "url": "http://forum.websitebaker.org/index.php/topic,30187.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7427.json b/2017/7xxx/CVE-2017-7427.json index dff4615310a..e288e871247 100644 --- a/2017/7xxx/CVE-2017-7427.json +++ b/2017/7xxx/CVE-2017-7427.json @@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-09-15T00:00:00.000Z", - "ID" : "CVE-2017-7427", - "STATE" : "PUBLIC", - "TITLE" : "iManager - Multiple Reflected Cross-Site Scripting attacks" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-09-15T00:00:00.000Z", + "ID": "CVE-2017-7427", + "STATE": "PUBLIC", + "TITLE": "iManager - Multiple Reflected Cross-Site Scripting attacks" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.6.1" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Pawel.Batunek@ingservicespolska.pl" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" + "lang": "eng", + "value": "Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins." } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Pawel.Batunek@ingservicespolska.pl" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "cross site scripting attack" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1033828", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1033828" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7021423", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7021423" - } - ] - }, - "source" : { - "defect" : [ - "1033828" - ], - "discovery" : "EXTERNAL" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross site scripting attack" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033828", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033828" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7021423", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7021423" + } + ] + }, + "source": { + "defect": [ + "1033828" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7494.json b/2017/7xxx/CVE-2017-7494.json index d6c0e02b38d..6be81ef818a 100644 --- a/2017/7xxx/CVE-2017-7494.json +++ b/2017/7xxx/CVE-2017-7494.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "samba", - "version" : { - "version_data" : [ - { - "version_value" : "since 3.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Samba" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "since 3.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Samba" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42060", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42060/" - }, - { - "name" : "42084", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42084/" - }, - { - "name" : "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01", - "refsource" : "MISC", - "url" : "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2017-7494.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2017-7494.html" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170524-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170524-0001/" - }, - { - "name" : "DSA-3860", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3860" - }, - { - "name" : "GLSA-201805-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-07" - }, - { - "name" : "RHSA-2017:1270", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1270" - }, - { - "name" : "RHSA-2017:1271", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1271" - }, - { - "name" : "RHSA-2017:1272", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1272" - }, - { - "name" : "RHSA-2017:1273", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1273" - }, - { - "name" : "RHSA-2017:1390", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1390" - }, - { - "name" : "98636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98636" - }, - { - "name" : "1038552", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98636" + }, + { + "name": "DSA-3860", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3860" + }, + { + "name": "42084", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42084/" + }, + { + "name": "RHSA-2017:1270", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1270" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2017-7494.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2017-7494.html" + }, + { + "name": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01", + "refsource": "MISC", + "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01" + }, + { + "name": "RHSA-2017:1390", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1390" + }, + { + "name": "1038552", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038552" + }, + { + "name": "RHSA-2017:1273", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1273" + }, + { + "name": "RHSA-2017:1271", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1271" + }, + { + "name": "GLSA-201805-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-07" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us" + }, + { + "name": "RHSA-2017:1272", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1272" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170524-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170524-0001/" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us" + }, + { + "name": "42060", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42060/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7516.json b/2017/7xxx/CVE-2017-7516.json index 83553f6bf5a..9014c667981 100644 --- a/2017/7xxx/CVE-2017-7516.json +++ b/2017/7xxx/CVE-2017-7516.json @@ -1,19 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2017-06-05T00:00:00", - "ID" : "CVE-2017-7516", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7516", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7608.json b/2017/7xxx/CVE-2017-7608.json index edc824a97b2..f42bab8ff1b 100644 --- a/2017/7xxx/CVE-2017-7608.json +++ b/2017/7xxx/CVE-2017-7608.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c" - }, - { - "name" : "GLSA-201710-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-10" - }, - { - "name" : "USN-3670-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3670-1/" - }, - { - "name" : "98609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3670-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3670-1/" + }, + { + "name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c" + }, + { + "name": "GLSA-201710-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-10" + }, + { + "name": "98609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98609" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8489.json b/2017/8xxx/CVE-2017-8489.json index ba7d0601143..845a9e6555a 100644 --- a/2017/8xxx/CVE-2017-8489.json +++ b/2017/8xxx/CVE-2017-8489.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42213", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42213/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8489", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8489" - }, - { - "name" : "98865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98865" - }, - { - "name" : "1038659", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038659", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038659" + }, + { + "name": "98865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98865" + }, + { + "name": "42213", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42213/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8489", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8489" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10073.json b/2018/10xxx/CVE-2018-10073.json index 24330402d8d..9b4fce9a781 100644 --- a/2018/10xxx/CVE-2018-10073.json +++ b/2018/10xxx/CVE-2018-10073.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/joyplus/joyplus-cms/issues/423", - "refsource" : "MISC", - "url" : "https://github.com/joyplus/joyplus-cms/issues/423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/joyplus/joyplus-cms/issues/423", + "refsource": "MISC", + "url": "https://github.com/joyplus/joyplus-cms/issues/423" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10389.json b/2018/10xxx/CVE-2018-10389.json index 18e88db1791..4c5ee3f2efa 100644 --- a/2018/10xxx/CVE-2018-10389.json +++ b/2018/10xxx/CVE-2018-10389.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10389", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10389", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10534.json b/2018/10xxx/CVE-2018-10534.json index ee4f3a5cf8c..080e86765c0 100644 --- a/2018/10xxx/CVE-2018-10534.json +++ b/2018/10xxx/CVE-2018-10534.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23110" - }, - { - "name" : "RHSA-2018:3032", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3032" - }, - { - "name" : "104025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104025" + }, + { + "name": "RHSA-2018:3032", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3032" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23110" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10764.json b/2018/10xxx/CVE-2018-10764.json index 3917249adf9..291c07e75db 100644 --- a/2018/10xxx/CVE-2018-10764.json +++ b/2018/10xxx/CVE-2018-10764.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10764", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10764", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10769.json b/2018/10xxx/CVE-2018-10769.json index 0d7e64b6924..1776a861948 100644 --- a/2018/10xxx/CVE-2018-10769.json +++ b/2018/10xxx/CVE-2018-10769.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md", - "refsource" : "MISC", - "url" : "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md", + "refsource": "MISC", + "url": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14067.json b/2018/14xxx/CVE-2018-14067.json index 85aa79eeafe..6b0375a917e 100644 --- a/2018/14xxx/CVE-2018-14067.json +++ b/2018/14xxx/CVE-2018-14067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14309.json b/2018/14xxx/CVE-2018-14309.json index 1c474de03e0..c64ef54faa5 100644 --- a/2018/14xxx/CVE-2018-14309.json +++ b/2018/14xxx/CVE-2018-14309.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-769", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-769" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-769", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-769" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17221.json b/2018/17xxx/CVE-2018-17221.json index 090e9928092..1c48102d087 100644 --- a/2018/17xxx/CVE-2018-17221.json +++ b/2018/17xxx/CVE-2018-17221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17350.json b/2018/17xxx/CVE-2018-17350.json index 5e37899c6d9..6ca6ce44df9 100644 --- a/2018/17xxx/CVE-2018-17350.json +++ b/2018/17xxx/CVE-2018-17350.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17559.json b/2018/17xxx/CVE-2018-17559.json index 56c56ef62e4..3f70bfb9c44 100644 --- a/2018/17xxx/CVE-2018-17559.json +++ b/2018/17xxx/CVE-2018-17559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17750.json b/2018/17xxx/CVE-2018-17750.json index aad2b981023..bbb06e8ea1e 100644 --- a/2018/17xxx/CVE-2018-17750.json +++ b/2018/17xxx/CVE-2018-17750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17750", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17750", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17911.json b/2018/17xxx/CVE-2018-17911.json index 2b66c22aa5f..5160bba3e2f 100644 --- a/2018/17xxx/CVE-2018-17911.json +++ b/2018/17xxx/CVE-2018-17911.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-16T00:00:00", - "ID" : "CVE-2018-17911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LAquis SCADA", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.0.3870 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-16T00:00:00", + "ID": "CVE-2018-17911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LAquis SCADA", + "version": { + "version_data": [ + { + "version_value": "4.1.0.3870 and prior" + } + ] + } + } + ] + }, + "vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://laquisscada.com/instale1.php", - "refsource" : "MISC", - "url" : "http://laquisscada.com/instale1.php" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://laquisscada.com/instale1.php", + "refsource": "MISC", + "url": "http://laquisscada.com/instale1.php" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20229.json b/2018/20xxx/CVE-2018-20229.json index 90613adbd6b..4f70a246fa3 100644 --- a/2018/20xxx/CVE-2018-20229.json +++ b/2018/20xxx/CVE-2018-20229.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20487.json b/2018/20xxx/CVE-2018-20487.json index 225d8aab776..187a265e0cf 100644 --- a/2018/20xxx/CVE-2018-20487.json +++ b/2018/20xxx/CVE-2018-20487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20512.json b/2018/20xxx/CVE-2018-20512.json index c344f90569e..086533b23b5 100644 --- a/2018/20xxx/CVE-2018-20512.json +++ b/2018/20xxx/CVE-2018-20512.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/", - "refsource" : "MISC", - "url" : "https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20781.json b/2018/20xxx/CVE-2018-20781.json index a85adbeee8c..62603e29348 100644 --- a/2018/20xxx/CVE-2018-20781.json +++ b/2018/20xxx/CVE-2018-20781.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=781486", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=781486" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2" - }, - { - "name" : "USN-3894-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3894-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2" + }, + { + "name": "USN-3894-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3894-1/" + }, + { + "name": "https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=781486", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=781486" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9281.json b/2018/9xxx/CVE-2018-9281.json index f8841873b0c..ae971cc8c7f 100644 --- a/2018/9xxx/CVE-2018-9281.json +++ b/2018/9xxx/CVE-2018-9281.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9505.json b/2018/9xxx/CVE-2018-9505.json index 3fd03677c13..fa3afd32ea6 100644 --- a/2018/9xxx/CVE-2018-9505.json +++ b/2018/9xxx/CVE-2018-9505.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-9505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-9505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-10-01,", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-10-01," - }, - { - "name" : "105482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105482" + }, + { + "name": "https://source.android.com/security/bulletin/2018-10-01,", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-10-01," + }, + { + "name": "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9664.json b/2018/9xxx/CVE-2018-9664.json index c9590ddafa0..5a4d3f8d03f 100644 --- a/2018/9xxx/CVE-2018-9664.json +++ b/2018/9xxx/CVE-2018-9664.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9664", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9664", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9770.json b/2018/9xxx/CVE-2018-9770.json index fbe3df8d46c..9a629df1d31 100644 --- a/2018/9xxx/CVE-2018-9770.json +++ b/2018/9xxx/CVE-2018-9770.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9770", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9770", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file