diff --git a/2002/0xxx/CVE-2002-0073.json b/2002/0xxx/CVE-2002-0073.json index 9e566b5503d..54726eac669 100644 --- a/2002/0xxx/CVE-2002-0073.json +++ b/2002/0xxx/CVE-2002-0073.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html" - }, - { - "name" : "20020417 Microsoft FTP Service STAT Globbing DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101901273810598&w=2" - }, - { - "name" : "http://www.digitaloffense.net/msftpd/advisory.txt", - "refsource" : "MISC", - "url" : "http://www.digitaloffense.net/msftpd/advisory.txt" - }, - { - "name" : "MS02-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" - }, - { - "name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" - }, - { - "name" : "CA-2002-09", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-09.html" - }, - { - "name" : "VU#412203", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/412203" - }, - { - "name" : "4482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4482" - }, - { - "name" : "3328", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3328" - }, - { - "name" : "oval:org.mitre.oval:def:24", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24" - }, - { - "name" : "oval:org.mitre.oval:def:35", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35" - }, - { - "name" : "iis-ftp-session-status-dos(8801)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8801.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iis-ftp-session-status-dos(8801)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8801.php" + }, + { + "name": "20020417 Microsoft FTP Service STAT Globbing DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101901273810598&w=2" + }, + { + "name": "VU#412203", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/412203" + }, + { + "name": "20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html" + }, + { + "name": "oval:org.mitre.oval:def:24", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24" + }, + { + "name": "3328", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3328" + }, + { + "name": "MS02-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" + }, + { + "name": "oval:org.mitre.oval:def:35", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35" + }, + { + "name": "4482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4482" + }, + { + "name": "CA-2002-09", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-09.html" + }, + { + "name": "http://www.digitaloffense.net/msftpd/advisory.txt", + "refsource": "MISC", + "url": "http://www.digitaloffense.net/msftpd/advisory.txt" + }, + { + "name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1043.json b/2002/1xxx/CVE-2002-1043.json index c82152da700..2c000314891 100644 --- a/2002/1xxx/CVE-2002-1043.json +++ b/2002/1xxx/CVE-2002-1043.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject (\"\\t\\t\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020711 Popcorn vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html" - }, - { - "name" : "popcorn-mail-dos(9547)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9547.php" - }, - { - "name" : "5212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject (\"\\t\\t\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "popcorn-mail-dos(9547)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9547.php" + }, + { + "name": "20020711 Popcorn vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html" + }, + { + "name": "5212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5212" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1518.json b/2002/1xxx/CVE-2002-1518.json index 95b65a4845f..b84be09dafb 100644 --- a/2002/1xxx/CVE-2002-1518.json +++ b/2002/1xxx/CVE-2002-1518.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P" - }, - { - "name" : "N-004", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-004.shtml" - }, - { - "name" : "5893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5893" - }, - { - "name" : "8580", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8580" - }, - { - "name" : "irix-mv-directory-insecure(10276)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10276.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "N-004", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-004.shtml" + }, + { + "name": "irix-mv-directory-insecure(10276)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10276.php" + }, + { + "name": "5893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5893" + }, + { + "name": "8580", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8580" + }, + { + "name": "20020903-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1609.json b/2002/1xxx/CVE-2002-1609.json index 363f6bd080d..f3fc1e482b5 100644 --- a/2002/1xxx/CVE-2002-1609.json +++ b/2002/1xxx/CVE-2002-1609.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT2275", - "refsource" : "HP", - "url" : "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11" - }, - { - "name" : "SSRT0796U", - "refsource" : "HP", - "url" : "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11" - }, - { - "name" : "VU#602009", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/602009" - }, - { - "name" : "tru64-multiple-binaries-bo(10016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT2275", + "refsource": "HP", + "url": "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11" + }, + { + "name": "SSRT0796U", + "refsource": "HP", + "url": "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11" + }, + { + "name": "VU#602009", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/602009" + }, + { + "name": "tru64-multiple-binaries-bo(10016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10016" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0096.json b/2003/0xxx/CVE-2003-0096.json index 24c0b7c1317..d4a98f2b47d 100644 --- a/2003/0xxx/CVE-2003-0096.json +++ b/2003/0xxx/CVE-2003-0096.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104549743326864&w=2" - }, - { - "name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html" - }, - { - "name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html" - }, - { - "name" : "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf" - }, - { - "name" : "VU#840666", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/840666" - }, - { - "name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104549782327321&w=2" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf" - }, - { - "name" : "VU#743954", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/743954" - }, - { - "name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104550346303295&w=2" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf" - }, - { - "name" : "VU#663786", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/663786" - }, - { - "name" : "CA-2003-05", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-05.html" - }, - { - "name" : "N-046", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml" - }, - { - "name" : "6847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6847" - }, - { - "name" : "6848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6848" - }, - { - "name" : "6850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6850" - }, - { - "name" : "oracle-bfilename-directory-bo(11325)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11325.php" - }, - { - "name" : "oracle-tzoffset-bo(11326)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11326.php" - }, - { - "name" : "oracle-totimestamptz-bo(11327)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11327.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf" + }, + { + "name": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt" + }, + { + "name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html" + }, + { + "name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html" + }, + { + "name": "VU#743954", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/743954" + }, + { + "name": "6850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6850" + }, + { + "name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104549743326864&w=2" + }, + { + "name": "oracle-bfilename-directory-bo(11325)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11325.php" + }, + { + "name": "VU#840666", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/840666" + }, + { + "name": "CA-2003-05", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-05.html" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf" + }, + { + "name": "N-046", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-046.shtml" + }, + { + "name": "oracle-totimestamptz-bo(11327)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11327.php" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf" + }, + { + "name": "http://www.nextgenss.com/advisories/ora-bfilebo.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt" + }, + { + "name": "6847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6847" + }, + { + "name": "oracle-tzoffset-bo(11326)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11326.php" + }, + { + "name": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt" + }, + { + "name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html" + }, + { + "name": "6848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6848" + }, + { + "name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104550346303295&w=2" + }, + { + "name": "VU#663786", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/663786" + }, + { + "name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104549782327321&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0884.json b/2003/0xxx/CVE-2003-0884.json index 8681cf01c5f..7b5aecd85f3 100644 --- a/2003/0xxx/CVE-2003-0884.json +++ b/2003/0xxx/CVE-2003-0884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0884", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0884", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1112.json b/2003/1xxx/CVE-2003-1112.json index 84546bf430b..68b0ea2a72c 100644 --- a/2003/1xxx/CVE-2003-1112.json +++ b/2003/1xxx/CVE-2003-1112.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/" - }, - { - "name" : "CA-2003-06", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-06.html" - }, - { - "name" : "VU#528719", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/528719" - }, - { - "name" : "6904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6904" - }, - { - "name" : "sip-invite(11379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/" + }, + { + "name": "VU#528719", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/528719" + }, + { + "name": "CA-2003-06", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-06.html" + }, + { + "name": "6904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6904" + }, + { + "name": "sip-invite(11379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1157.json b/2003/1xxx/CVE-2003-1157.json index 14eeeb26948..e37b701afc0 100644 --- a/2003/1xxx/CVE-2003-1157.json +++ b/2003/1xxx/CVE-2003-1157.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343040" - }, - { - "name" : "8939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8939" - }, - { - "name" : "27948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27948" - }, - { - "name" : "2762", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2762" - }, - { - "name" : "10127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10127" - }, - { - "name" : "metaframe-error-message-xss(13569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13569" - }, - { - "name" : "citrix-webmanager-login-xss(40782)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10127" + }, + { + "name": "8939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8939" + }, + { + "name": "20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343040" + }, + { + "name": "2762", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2762" + }, + { + "name": "citrix-webmanager-login-xss(40782)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40782" + }, + { + "name": "metaframe-error-message-xss(13569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13569" + }, + { + "name": "27948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27948" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2113.json b/2004/2xxx/CVE-2004-2113.json index 0329279b3b5..d2d5eb6b6b3 100644 --- a/2004/2xxx/CVE-2004-2113.json +++ b/2004/2xxx/CVE-2004-2113.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040126 Directory traversal and XSS in BremsServer 1.2.4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107513747107031&w=2" - }, - { - "name" : "9491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9491" - }, - { - "name" : "3754", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3754" - }, - { - "name" : "1008853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008853" - }, - { - "name" : "10731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10731" - }, - { - "name" : "bremsserver-xss(14953)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9491" + }, + { + "name": "20040126 Directory traversal and XSS in BremsServer 1.2.4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107513747107031&w=2" + }, + { + "name": "3754", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3754" + }, + { + "name": "10731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10731" + }, + { + "name": "bremsserver-xss(14953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14953" + }, + { + "name": "1008853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008853" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2339.json b/2004/2xxx/CVE-2004-2339.json index d42a878449f..ac24fe41633 100644 --- a/2004/2xxx/CVE-2004-2339.json +++ b/2004/2xxx/CVE-2004-2339.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040218 Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/354392" - }, - { - "name" : "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html" - }, - { - "name" : "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html" - }, - { - "name" : "1009128", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1009128" - }, - { - "name" : "win-kernel-gain-privileges(15263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009128", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1009128" + }, + { + "name": "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html" + }, + { + "name": "20040218 Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/354392" + }, + { + "name": "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html" + }, + { + "name": "win-kernel-gain-privileges(15263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15263" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0032.json b/2012/0xxx/CVE-2012-0032.json index 984bddd6a0a..082c23d6ffc 100644 --- a/2012/0xxx/CVE-2012-0032.json +++ b/2012/0xxx/CVE-2012-0032.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=772514", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=772514" - }, - { - "name" : "RHSA-2012:0406", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0406.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:0406", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772514", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772514" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0095.json b/2012/0xxx/CVE-2012-0095.json index bc652de50e3..fe3cd0271bd 100644 --- a/2012/0xxx/CVE-2012-0095.json +++ b/2012/0xxx/CVE-2012-0095.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0529.json b/2012/0xxx/CVE-2012-0529.json index 90cd4554bfd..45b59ac212a 100644 --- a/2012/0xxx/CVE-2012-0529.json +++ b/2012/0xxx/CVE-2012-0529.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026954", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026954" - }, - { - "name" : "48882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48882" + }, + { + "name": "1026954", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026954" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0776.json b/2012/0xxx/CVE-2012-0776.json index e6042e6b349..a97c0c80c9e 100644 --- a/2012/0xxx/CVE-2012-0776.json +++ b/2012/0xxx/CVE-2012-0776.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html" - }, - { - "name" : "TA12-101B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" - }, - { - "name" : "oval:org.mitre.oval:def:15270", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15270" - }, - { - "name" : "1026908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" + }, + { + "name": "TA12-101B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" + }, + { + "name": "oval:org.mitre.oval:def:15270", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15270" + }, + { + "name": "1026908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026908" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0802.json b/2012/0xxx/CVE-2012-0802.json index 15ee99b0c23..39f24e8d3fb 100644 --- a/2012/0xxx/CVE-2012-0802.json +++ b/2012/0xxx/CVE-2012-0802.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to \"serious errors in the usage of snprintf()/vsnprintf()\" in which the return values may be larger than the size of the buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/23/5" - }, - { - "name" : "[spamdyke-release] 20120115 New version: spamdyke 4.3.0", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/spamdyke-release@spamdyke.org/msg00014.html" - }, - { - "name" : "http://www.spamdyke.org/documentation/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.spamdyke.org/documentation/Changelog.txt" - }, - { - "name" : "GLSA-201203-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-01.xml" - }, - { - "name" : "51440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51440" - }, - { - "name" : "78351", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78351" - }, - { - "name" : "47548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47548" - }, - { - "name" : "48257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to \"serious errors in the usage of snprintf()/vsnprintf()\" in which the return values may be larger than the size of the buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47548" + }, + { + "name": "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/23/5" + }, + { + "name": "51440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51440" + }, + { + "name": "78351", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78351" + }, + { + "name": "[spamdyke-release] 20120115 New version: spamdyke 4.3.0", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/spamdyke-release@spamdyke.org/msg00014.html" + }, + { + "name": "48257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48257" + }, + { + "name": "http://www.spamdyke.org/documentation/Changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.spamdyke.org/documentation/Changelog.txt" + }, + { + "name": "GLSA-201203-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-01.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0813.json b/2012/0xxx/CVE-2012-0813.json index 70b1aa26c09..9ab9069d210 100644 --- a/2012/0xxx/CVE-2012-0813.json +++ b/2012/0xxx/CVE-2012-0813.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120126 CVE request: wicd writes sensitive information in log files (password, passphrase...)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/13" - }, - { - "name" : "[oss-security] 20120126 Re: CVE request: wicd writes sensitive information in log files (password, passphrase...)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/14" - }, - { - "name" : "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682", - "refsource" : "MISC", - "url" : "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417" - }, - { - "name" : "https://launchpad.net/wicd/+announcement/9570", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/wicd/+announcement/9570" - }, - { - "name" : "GLSA-201206-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-08.xml" - }, - { - "name" : "51703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51703" - }, - { - "name" : "49657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.net/wicd/+announcement/9570", + "refsource": "CONFIRM", + "url": "https://launchpad.net/wicd/+announcement/9570" + }, + { + "name": "[oss-security] 20120126 Re: CVE request: wicd writes sensitive information in log files (password, passphrase...)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/26/14" + }, + { + "name": "51703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51703" + }, + { + "name": "49657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49657" + }, + { + "name": "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682", + "refsource": "MISC", + "url": "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682" + }, + { + "name": "[oss-security] 20120126 CVE request: wicd writes sensitive information in log files (password, passphrase...)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/26/13" + }, + { + "name": "GLSA-201206-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-08.xml" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1033.json b/2012/1xxx/CVE-2012-1033.json index 92676c4fa11..5dec2801da6 100644 --- a/2012/1xxx/CVE-2012-1033.json +++ b/2012/1xxx/CVE-2012-1033.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.isc.org/software/bind/advisories/cve-2012-1033", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/software/bind/advisories/cve-2012-1033" - }, - { - "name" : "HPSBUX02835", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135638082529878&w=2" - }, - { - "name" : "SSRT100763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135638082529878&w=2" - }, - { - "name" : "RHSA-2012:0717", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0717.html" - }, - { - "name" : "openSUSE-SU-2012:0863", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15136456" - }, - { - "name" : "openSUSE-SU-2012:0864", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15136477" - }, - { - "name" : "VU#542123", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542123" - }, - { - "name" : "51898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51898" - }, - { - "name" : "78916", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78916" - }, - { - "name" : "1026647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026647" - }, - { - "name" : "47884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47884" - }, - { - "name" : "isc-bind-update-sec-bypass(73053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02835", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135638082529878&w=2" + }, + { + "name": "isc-bind-update-sec-bypass(73053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73053" + }, + { + "name": "https://www.isc.org/software/bind/advisories/cve-2012-1033", + "refsource": "CONFIRM", + "url": "https://www.isc.org/software/bind/advisories/cve-2012-1033" + }, + { + "name": "1026647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026647" + }, + { + "name": "47884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47884" + }, + { + "name": "SSRT100763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135638082529878&w=2" + }, + { + "name": "openSUSE-SU-2012:0864", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15136477" + }, + { + "name": "78916", + "refsource": "OSVDB", + "url": "http://osvdb.org/78916" + }, + { + "name": "RHSA-2012:0717", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0717.html" + }, + { + "name": "VU#542123", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542123" + }, + { + "name": "openSUSE-SU-2012:0863", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15136456" + }, + { + "name": "51898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51898" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1287.json b/2012/1xxx/CVE-2012-1287.json index 8d4e32917fe..a3a9b75edf4 100644 --- a/2012/1xxx/CVE-2012-1287.json +++ b/2012/1xxx/CVE-2012-1287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1760.json b/2012/1xxx/CVE-2012-1760.json index 0363e66f112..05827b5e0e5 100644 --- a/2012/1xxx/CVE-2012-1760.json +++ b/2012/1xxx/CVE-2012-1760.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54529" - }, - { - "name" : "83918", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83918" - }, - { - "name" : "1027267", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027267" - }, - { - "name" : "siebelcrm-uiframe-dos(77036)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027267", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027267" + }, + { + "name": "54529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54529" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "siebelcrm-uiframe-dos(77036)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77036" + }, + { + "name": "83918", + "refsource": "OSVDB", + "url": "http://osvdb.org/83918" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4971.json b/2012/4xxx/CVE-2012-4971.json index a07ad6d597f..fed7421af08 100644 --- a/2012/4xxx/CVE-2012-4971.json +++ b/2012/4xxx/CVE-2012-4971.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html", - "refsource" : "MISC", - "url" : "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html", + "refsource": "MISC", + "url": "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5027.json b/2012/5xxx/CVE-2012-5027.json index a82cbad048b..a1b86471480 100644 --- a/2012/5xxx/CVE-2012-5027.json +++ b/2012/5xxx/CVE-2012-5027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5027", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5027", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5073.json b/2012/5xxx/CVE-2012-5073.json index 4dcbddcb416..762c862acdb 100644 --- a/2012/5xxx/CVE-2012-5073.json +++ b/2012/5xxx/CVE-2012-5073.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "RHSA-2012:1385", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1385.html" - }, - { - "name" : "RHSA-2012:1386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2012:1490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" - }, - { - "name" : "openSUSE-SU-2012:1423", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "SUSE-SU-2012:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" - }, - { - "name" : "56080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56080" - }, - { - "name" : "oval:org.mitre.oval:def:16466", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16466" - }, - { - "name" : "51028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51028" - }, - { - "name" : "51029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51029" - }, - { - "name" : "51141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51141" - }, - { - "name" : "51313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51313" - }, - { - "name" : "51315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51315" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51328" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51393" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "51166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51166" - }, - { - "name" : "javaruntimeenvironment-lib-cve20125073(79432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51313" + }, + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "RHSA-2012:1386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" + }, + { + "name": "51315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51315" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "51141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51141" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "SUSE-SU-2012:1490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "openSUSE-SU-2012:1423", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "51029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51029" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "javaruntimeenvironment-lib-cve20125073(79432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79432" + }, + { + "name": "51166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51166" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" + }, + { + "name": "SUSE-SU-2012:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "56080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56080" + }, + { + "name": "oval:org.mitre.oval:def:16466", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16466" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "RHSA-2012:1465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html" + }, + { + "name": "51328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51328" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "51028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51028" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "51393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51393" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "RHSA-2012:1385", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1385.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5735.json b/2012/5xxx/CVE-2012-5735.json index 20c8baa7e6f..37f9daf675c 100644 --- a/2012/5xxx/CVE-2012-5735.json +++ b/2012/5xxx/CVE-2012-5735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5735", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5735", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002005.json b/2017/1002xxx/CVE-2017-1002005.json index 49b0de219ec..10759d3d1b7 100644 --- a/2017/1002xxx/CVE-2017-1002005.json +++ b/2017/1002xxx/CVE-2017-1002005.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-03-08", - "ID" : "CVE-2017-1002005", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DTracker", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "1.5" - } - ] - } - } - ] - }, - "vendor_name" : "ITFlux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-03-08", + "ID": "CVE-2017-1002005", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DTracker", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.5" + } + ] + } + } + ] + }, + "vendor_name": "ITFlux" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=183", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=183" - }, - { - "name" : "https://wordpress.org/plugins/dtracker/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/dtracker/" - }, - { - "name" : "96781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96781" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=183", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=183" + }, + { + "name": "https://wordpress.org/plugins/dtracker/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/dtracker/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3134.json b/2017/3xxx/CVE-2017-3134.json index db724435650..226fb627ce1 100644 --- a/2017/3xxx/CVE-2017-3134.json +++ b/2017/3xxx/CVE-2017-3134.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-3134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiWLC-SD", - "version" : { - "version_data" : [ - { - "version_value" : "FortiWLC-SD versions 8.2.4 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-3134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWLC-SD", + "version": { + "version_data": [ + { + "version_value": "FortiWLC-SD versions 8.2.4 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-097", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-097" - }, - { - "name" : "97603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-17-097", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-097" + }, + { + "name": "97603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97603" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3710.json b/2017/3xxx/CVE-2017-3710.json index b30a45a0fd8..d7272438a7e 100644 --- a/2017/3xxx/CVE-2017-3710.json +++ b/2017/3xxx/CVE-2017-3710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3710", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3710", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3963.json b/2017/3xxx/CVE-2017-3963.json index 0e4ba5e89e2..f716ba0e1cb 100644 --- a/2017/3xxx/CVE-2017-3963.json +++ b/2017/3xxx/CVE-2017-3963.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3963", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3963", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6355.json b/2017/6xxx/CVE-2017-6355.json index cc69426dab2..13a3eb1e7d2 100644 --- a/2017/6xxx/CVE-2017-6355.json +++ b/2017/6xxx/CVE-2017-6355.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170227 CVE-2017-6355 Virglrenderer: integer overflow while creating shader object", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/27/3" - }, - { - "name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", - "refsource" : "MLIST", - "url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" - }, - { - "name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6" - }, - { - "name" : "GLSA-201707-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-06" - }, - { - "name" : "96460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96460" + }, + { + "name": "GLSA-201707-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-06" + }, + { + "name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", + "refsource": "MLIST", + "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" + }, + { + "name": "[oss-security] 20170227 CVE-2017-6355 Virglrenderer: integer overflow while creating shader object", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/27/3" + }, + { + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6626.json b/2017/6xxx/CVE-2017-6626.json index a3ef2d69136..ef34295f2d5 100644 --- a/2017/6xxx/CVE-2017-6626.json +++ b/2017/6xxx/CVE-2017-6626.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Finesse for Cisco Unified Contact Center Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Finesse for Cisco Unified Contact Center Enterprise" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Finesse for Cisco Unified Contact Center Enterprise", + "version": { + "version_data": [ + { + "version_value": "Cisco Finesse for Cisco Unified Contact Center Enterprise" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce" - }, - { - "name" : "98291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98291" - }, - { - "name" : "1038396", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce" + }, + { + "name": "98291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98291" + }, + { + "name": "1038396", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038396" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6955.json b/2017/6xxx/CVE-2017-6955.json index 758e6a09f4f..66c57833ae7 100644 --- a/2017/6xxx/CVE-2017-6955.json +++ b/2017/6xxx/CVE-2017-6955.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855", - "refsource" : "CONFIRM", - "url" : "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855" - }, - { - "name" : "https://wordpress.org/plugins/invite-anyone/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/invite-anyone/changelog/" - }, - { - "name" : "96965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96965" + }, + { + "name": "https://wordpress.org/plugins/invite-anyone/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/invite-anyone/changelog/" + }, + { + "name": "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855", + "refsource": "CONFIRM", + "url": "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7132.json b/2017/7xxx/CVE-2017-7132.json index 1e215d927d0..793e119d5cc 100644 --- a/2017/7xxx/CVE-2017-7132.json +++ b/2017/7xxx/CVE-2017-7132.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "1039710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "1039710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039710" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7246.json b/2017/7xxx/CVE-2017-7246.json index 43daa2030f4..dc41f6c3e57 100644 --- a/2017/7xxx/CVE-2017-7246.json +++ b/2017/7xxx/CVE-2017-7246.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/" - }, - { - "name" : "GLSA-201710-25", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-25" - }, - { - "name" : "RHSA-2018:2486", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2486" - }, - { - "name" : "97067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97067" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/" + }, + { + "name": "RHSA-2018:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2486" + }, + { + "name": "GLSA-201710-25", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-25" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7375.json b/2017/7xxx/CVE-2017-7375.json index 50b784cb404..fd0bb52df6d 100644 --- a/2017/7xxx/CVE-2017-7375.json +++ b/2017/7xxx/CVE-2017-7375.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462203" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "DSA-3952", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3952" - }, - { - "name" : "GLSA-201711-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-01" - }, - { - "name" : "98877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98877" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa" + }, + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "DSA-3952", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3952" + }, + { + "name": "98877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98877" + }, + { + "name": "GLSA-201711-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-01" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7576.json b/2017/7xxx/CVE-2017-7576.json index 1843ebe22b2..dabfd7e69f5 100644 --- a/2017/7xxx/CVE-2017-7576.json +++ b/2017/7xxx/CVE-2017-7576.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.iancaling.com/post/159276197313/", - "refsource" : "MISC", - "url" : "http://blog.iancaling.com/post/159276197313/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.iancaling.com/post/159276197313/", + "refsource": "MISC", + "url": "http://blog.iancaling.com/post/159276197313/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7607.json b/2017/7xxx/CVE-2017-7607.json index e12aaaffa02..11d13c22727 100644 --- a/2017/7xxx/CVE-2017-7607.json +++ b/2017/7xxx/CVE-2017-7607.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c" - }, - { - "name" : "GLSA-201710-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-10" - }, - { - "name" : "USN-3670-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3670-1/" - }, - { - "name" : "98608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3670-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3670-1/" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c" + }, + { + "name": "GLSA-201710-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-10" + }, + { + "name": "98608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98608" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8401.json b/2017/8xxx/CVE-2017-8401.json index ec5e0139297..bba11a5bc82 100644 --- a/2017/8xxx/CVE-2017-8401.json +++ b/2017/8xxx/CVE-2017-8401.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/14", - "refsource" : "CONFIRM", - "url" : "https://github.com/matthiaskramm/swftools/issues/14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/14", + "refsource": "CONFIRM", + "url": "https://github.com/matthiaskramm/swftools/issues/14" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8962.json b/2017/8xxx/CVE-2017-8962.json index a2865460b3c..19be3e34872 100644 --- a/2017/8xxx/CVE-2017-8962.json +++ b/2017/8xxx/CVE-2017-8962.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-27T00:00:00", - "ID" : "CVE-2017-8962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "7.3 E0504P2" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of Untrusted Data" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-27T00:00:00", + "ID": "CVE-2017-8962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "7.3 E0504P2" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us" - }, - { - "name" : "1039684", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us" + }, + { + "name": "1039684", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039684" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10018.json b/2018/10xxx/CVE-2018-10018.json index dc43bc00a12..2d79b56e095 100644 --- a/2018/10xxx/CVE-2018-10018.json +++ b/2018/10xxx/CVE-2018-10018.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GDASPAMLib.AntiSpam ActiveX control ASK\\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45017", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45017/" - }, - { - "name" : "20180712 G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/55" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GDASPAMLib.AntiSpam ActiveX control ASK\\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45017", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45017/" + }, + { + "name": "20180712 G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/55" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10091.json b/2018/10xxx/CVE-2018-10091.json index 5ca923f0675..094d73bce91 100644 --- a/2018/10xxx/CVE-2018-10091.json +++ b/2018/10xxx/CVE-2018-10091.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10102.json b/2018/10xxx/CVE-2018-10102.json index 7ba1d591a7a..89143abbe27 100644 --- a/2018/10xxx/CVE-2018-10102.json +++ b/2018/10xxx/CVE-2018-10102.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9055", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9055" - }, - { - "name" : "https://codex.wordpress.org/Version_4.9.5", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.9.5" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/42893", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/42893" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d" - }, - { - "name" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" - }, - { - "name" : "DSA-4193", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4193" - }, - { - "name" : "103775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103775" - }, - { - "name" : "1040836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103775" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9055", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9055" + }, + { + "name": "1040836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040836" + }, + { + "name": "DSA-4193", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4193" + }, + { + "name": "https://core.trac.wordpress.org/changeset/42893", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/42893" + }, + { + "name": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" + }, + { + "name": "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html" + }, + { + "name": "https://codex.wordpress.org/Version_4.9.5", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.9.5" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10908.json b/2018/10xxx/CVE-2018-10908.json index 04fd75e2048..0aeb858f6dd 100644 --- a/2018/10xxx/CVE-2018-10908.json +++ b/2018/10xxx/CVE-2018-10908.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-10908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vdsm", - "version" : { - "version_data" : [ - { - "version_value" : "4.20.37" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vdsm", + "version": { + "version_data": [ + { + "version_value": "4.20.37" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-770" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html", - "refsource" : "MISC", - "url" : "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html" - }, - { - "name" : "https://gerrit.ovirt.org/#/c/93195/", - "refsource" : "MISC", - "url" : "https://gerrit.ovirt.org/#/c/93195/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908" - }, - { - "name" : "RHEA-2018:2624", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:2624" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-770" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908" + }, + { + "name": "RHEA-2018:2624", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:2624" + }, + { + "name": "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html", + "refsource": "MISC", + "url": "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html" + }, + { + "name": "https://gerrit.ovirt.org/#/c/93195/", + "refsource": "MISC", + "url": "https://gerrit.ovirt.org/#/c/93195/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13529.json b/2018/13xxx/CVE-2018-13529.json index 6582ff2c366..48940ea0733 100644 --- a/2018/13xxx/CVE-2018-13529.json +++ b/2018/13xxx/CVE-2018-13529.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13545.json b/2018/13xxx/CVE-2018-13545.json index 168ac4e4795..e81b72c0d0f 100644 --- a/2018/13xxx/CVE-2018-13545.json +++ b/2018/13xxx/CVE-2018-13545.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17119.json b/2018/17xxx/CVE-2018-17119.json index c397366ae4c..fcac7c10703 100644 --- a/2018/17xxx/CVE-2018-17119.json +++ b/2018/17xxx/CVE-2018-17119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17365.json b/2018/17xxx/CVE-2018-17365.json index c620b161978..a95ed91d0ea 100644 --- a/2018/17xxx/CVE-2018-17365.json +++ b/2018/17xxx/CVE-2018-17365.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.51cto.com/13770310/2177226", - "refsource" : "MISC", - "url" : "http://blog.51cto.com/13770310/2177226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.51cto.com/13770310/2177226", + "refsource": "MISC", + "url": "http://blog.51cto.com/13770310/2177226" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17480.json b/2018/17xxx/CVE-2018-17480.json index 0eee5cfb9bb..ce7509492bd 100644 --- a/2018/17xxx/CVE-2018-17480.json +++ b/2018/17xxx/CVE-2018-17480.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/905940", - "refsource" : "MISC", - "url" : "https://crbug.com/905940" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/905940", + "refsource": "MISC", + "url": "https://crbug.com/905940" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17558.json b/2018/17xxx/CVE-2018-17558.json index 1cb041363c6..e14645cf5e9 100644 --- a/2018/17xxx/CVE-2018-17558.json +++ b/2018/17xxx/CVE-2018-17558.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17558", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17558", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17710.json b/2018/17xxx/CVE-2018-17710.json index c329e412a1c..9ac36afab44 100644 --- a/2018/17xxx/CVE-2018-17710.json +++ b/2018/17xxx/CVE-2018-17710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17710", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17710", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20001.json b/2018/20xxx/CVE-2018-20001.json index 806104f79c0..328c29e6b96 100644 --- a/2018/20xxx/CVE-2018-20001.json +++ b/2018/20xxx/CVE-2018-20001.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1141", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1141", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1141" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20111.json b/2018/20xxx/CVE-2018-20111.json index 654db14b505..0f7f615c1cd 100644 --- a/2018/20xxx/CVE-2018-20111.json +++ b/2018/20xxx/CVE-2018-20111.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20111", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-20111", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20254.json b/2018/20xxx/CVE-2018-20254.json index a642b2bdb0e..8e8d56ed164 100644 --- a/2018/20xxx/CVE-2018-20254.json +++ b/2018/20xxx/CVE-2018-20254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9197.json b/2018/9xxx/CVE-2018-9197.json index 93f88074184..e0dab8bf6f9 100644 --- a/2018/9xxx/CVE-2018-9197.json +++ b/2018/9xxx/CVE-2018-9197.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9197", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9395.json b/2018/9xxx/CVE-2018-9395.json index 361d4f88562..85905014c3d 100644 --- a/2018/9xxx/CVE-2018-9395.json +++ b/2018/9xxx/CVE-2018-9395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9440.json b/2018/9xxx/CVE-2018-9440.json index 0edc1e7ef40..0958d463cc6 100644 --- a/2018/9xxx/CVE-2018-9440.json +++ b/2018/9xxx/CVE-2018-9440.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9440", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9440", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9459.json b/2018/9xxx/CVE-2018-9459.json index 8a3fdcff41b..667b9071e4d 100644 --- a/2018/9xxx/CVE-2018-9459.json +++ b/2018/9xxx/CVE-2018-9459.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-9459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-9459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9902.json b/2018/9xxx/CVE-2018-9902.json index 8933b2a3dab..a7efed1a49c 100644 --- a/2018/9xxx/CVE-2018-9902.json +++ b/2018/9xxx/CVE-2018-9902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file