From a432487145f6797e60db30097d7670bcf03b060d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:21:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0346.json | 190 +++++----- 2003/0xxx/CVE-2003-0449.json | 150 ++++---- 2003/0xxx/CVE-2003-0642.json | 150 ++++---- 2003/1xxx/CVE-2003-1088.json | 160 ++++---- 2003/1xxx/CVE-2003-1166.json | 160 ++++---- 2003/1xxx/CVE-2003-1356.json | 160 ++++---- 2003/1xxx/CVE-2003-1411.json | 160 ++++---- 2004/0xxx/CVE-2004-0125.json | 140 +++---- 2004/0xxx/CVE-2004-0838.json | 150 ++++---- 2004/0xxx/CVE-2004-0970.json | 170 ++++----- 2004/1xxx/CVE-2004-1704.json | 140 +++---- 2004/1xxx/CVE-2004-1764.json | 160 ++++---- 2004/2xxx/CVE-2004-2179.json | 140 +++---- 2004/2xxx/CVE-2004-2295.json | 170 ++++----- 2004/2xxx/CVE-2004-2521.json | 170 ++++----- 2008/2xxx/CVE-2008-2013.json | 140 +++---- 2008/2xxx/CVE-2008-2477.json | 160 ++++---- 2008/2xxx/CVE-2008-2803.json | 660 ++++++++++++++++----------------- 2008/6xxx/CVE-2008-6189.json | 140 +++---- 2008/6xxx/CVE-2008-6774.json | 130 +++---- 2012/1xxx/CVE-2012-1552.json | 34 +- 2012/1xxx/CVE-2012-1846.json | 170 ++++----- 2012/5xxx/CVE-2012-5260.json | 150 ++++---- 2012/5xxx/CVE-2012-5483.json | 160 ++++---- 2012/5xxx/CVE-2012-5570.json | 34 +- 2012/5xxx/CVE-2012-5573.json | 200 +++++----- 2012/5xxx/CVE-2012-5678.json | 140 +++---- 2012/5xxx/CVE-2012-5977.json | 140 +++---- 2017/11xxx/CVE-2017-11240.json | 120 +++--- 2017/11xxx/CVE-2017-11547.json | 120 +++--- 2017/11xxx/CVE-2017-11608.json | 120 +++--- 2017/11xxx/CVE-2017-11857.json | 34 +- 2017/15xxx/CVE-2017-15399.json | 170 ++++----- 2017/15xxx/CVE-2017-15947.json | 120 +++--- 2017/3xxx/CVE-2017-3247.json | 142 +++---- 2017/3xxx/CVE-2017-3480.json | 158 ++++---- 2017/3xxx/CVE-2017-3701.json | 34 +- 2017/3xxx/CVE-2017-3819.json | 140 +++---- 2017/3xxx/CVE-2017-3870.json | 140 +++---- 2017/7xxx/CVE-2017-7210.json | 140 +++---- 2017/7xxx/CVE-2017-7620.json | 160 ++++---- 2017/8xxx/CVE-2017-8096.json | 34 +- 2017/8xxx/CVE-2017-8760.json | 120 +++--- 2018/10xxx/CVE-2018-10378.json | 34 +- 2018/12xxx/CVE-2018-12014.json | 130 +++---- 2018/12xxx/CVE-2018-12451.json | 34 +- 2018/12xxx/CVE-2018-12466.json | 202 +++++----- 2018/12xxx/CVE-2018-12473.json | 194 +++++----- 2018/12xxx/CVE-2018-12989.json | 120 +++--- 2018/13xxx/CVE-2018-13506.json | 130 +++---- 2018/13xxx/CVE-2018-13936.json | 34 +- 2018/16xxx/CVE-2018-16655.json | 130 +++---- 2018/16xxx/CVE-2018-16951.json | 120 +++--- 2018/17xxx/CVE-2018-17159.json | 150 ++++---- 2018/17xxx/CVE-2018-17173.json | 130 +++---- 2018/17xxx/CVE-2018-17635.json | 130 +++---- 2018/17xxx/CVE-2018-17696.json | 130 +++---- 2018/17xxx/CVE-2018-17884.json | 140 +++---- 58 files changed, 4094 insertions(+), 4094 deletions(-) diff --git a/2003/0xxx/CVE-2003-0346.json b/2003/0xxx/CVE-2003-0346.json index 95a8d966be8..a23594809f3 100644 --- a/2003/0xxx/CVE-2003-0346.json +++ b/2003/0xxx/CVE-2003-0346.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105899759824008&w=2" - }, - { - "name" : "MS03-030", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030" - }, - { - "name" : "CA-2003-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-18.html" - }, - { - "name" : "VU#561284", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/561284" - }, - { - "name" : "VU#265232", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/265232" - }, - { - "name" : "oval:org.mitre.oval:def:218", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218" - }, - { - "name" : "oval:org.mitre.oval:def:1095", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095" - }, - { - "name" : "oval:org.mitre.oval:def:1104", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:218", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218" + }, + { + "name": "VU#561284", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/561284" + }, + { + "name": "CA-2003-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-18.html" + }, + { + "name": "oval:org.mitre.oval:def:1104", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104" + }, + { + "name": "VU#265232", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/265232" + }, + { + "name": "oval:org.mitre.oval:def:1095", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095" + }, + { + "name": "20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105899759824008&w=2" + }, + { + "name": "MS03-030", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0449.json b/2003/0xxx/CVE-2003-0449.json index 4e9dfc1eb4f..6baa50a75e2 100644 --- a/2003/0xxx/CVE-2003-0449.json +++ b/2003/0xxx/CVE-2003-0449.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105561134624665&w=2" - }, - { - "name" : "20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105561189625082&w=2" - }, - { - "name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt", - "refsource" : "MISC", - "url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt" - }, - { - "name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt", - "refsource" : "MISC", - "url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105561134624665&w=2" + }, + { + "name": "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt", + "refsource": "MISC", + "url": "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt" + }, + { + "name": "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt", + "refsource": "MISC", + "url": "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt" + }, + { + "name": "20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105561189625082&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0642.json b/2003/0xxx/CVE-2003-0642.json index b05fe08706e..b79c942d291 100644 --- a/2003/0xxx/CVE-2003-0642.json +++ b/2003/0xxx/CVE-2003-0642.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \\Device\\PhysicalMemory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030717 Bypassing ServerLock protection on Windows 2000", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105848106631132&w=2" - }, - { - "name" : "8223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8223" - }, - { - "name" : "9310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9310" - }, - { - "name" : "serverlock-physicalmemory-symlink(12666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \\Device\\PhysicalMemory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "serverlock-physicalmemory-symlink(12666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12666" + }, + { + "name": "8223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8223" + }, + { + "name": "20030717 Bypassing ServerLock protection on Windows 2000", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105848106631132&w=2" + }, + { + "name": "9310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9310" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1088.json b/2003/1xxx/CVE-2003-1088.json index 8b4825f4999..d4e58a9887c 100644 --- a/2003/1xxx/CVE-2003-1088.json +++ b/2003/1xxx/CVE-2003-1088.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106063199925536&w=2" - }, - { - "name" : "8388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8388" - }, - { - "name" : "1013365", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013365" - }, - { - "name" : "9497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9497" - }, - { - "name" : "zorum-index-xss(12867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8388" + }, + { + "name": "9497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9497" + }, + { + "name": "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106063199925536&w=2" + }, + { + "name": "zorum-index-xss(12867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12867" + }, + { + "name": "1013365", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013365" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1166.json b/2003/1xxx/CVE-2003-1166.json index 4fe25887548..355eea89433 100644 --- a/2003/1xxx/CVE-2003-1166.json +++ b/2003/1xxx/CVE-2003-1166.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.http-com.com/Default.asp?section=Features", - "refsource" : "CONFIRM", - "url" : "http://www.http-com.com/Default.asp?section=Features" - }, - { - "name" : "8948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8948" - }, - { - "name" : "2780", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2780" - }, - { - "name" : "10125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10125" - }, - { - "name" : "http-commander-directory-traversal(13622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2780", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2780" + }, + { + "name": "8948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8948" + }, + { + "name": "http://www.http-com.com/Default.asp?section=Features", + "refsource": "CONFIRM", + "url": "http://www.http-com.com/Default.asp?section=Features" + }, + { + "name": "10125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10125" + }, + { + "name": "http-commander-directory-traversal(13622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13622" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1356.json b/2003/1xxx/CVE-2003-1356.json index 312da8435d1..031dd876c4f 100644 --- a/2003/1xxx/CVE-2003-1356.json +++ b/2003/1xxx/CVE-2003-1356.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"file handling\" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is \"incorrect,\" which allows attackers to gain access or cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0301-237", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html" - }, - { - "name" : "SSRT3454", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html" - }, - { - "name" : "6640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6640" - }, - { - "name" : "oval:org.mitre.oval:def:5758", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758" - }, - { - "name" : "hpux-sort-file-handling(11107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"file handling\" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is \"incorrect,\" which allows attackers to gain access or cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hpux-sort-file-handling(11107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11107" + }, + { + "name": "6640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6640" + }, + { + "name": "SSRT3454", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html" + }, + { + "name": "oval:org.mitre.oval:def:5758", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758" + }, + { + "name": "HPSBUX0301-237", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1411.json b/2003/1xxx/CVE-2003-1411.json index 83a5932d098..1e22fbe9298 100644 --- a/2003/1xxx/CVE-2003-1411.json +++ b/2003/1xxx/CVE-2003-1411.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030209 Cedric Email Reader (PHP)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/311173" - }, - { - "name" : "6820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6820" - }, - { - "name" : "5900", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5900" - }, - { - "name" : "8024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8024" - }, - { - "name" : "cedric-email-file-include(11278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6820" + }, + { + "name": "5900", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5900" + }, + { + "name": "8024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8024" + }, + { + "name": "cedric-email-file-include(11278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278" + }, + { + "name": "20030209 Cedric Email Reader (PHP)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/311173" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0125.json b/2004/0xxx/CVE-2004-0125.json index 57588dadd32..b3cba9b4584 100644 --- a/2004/0xxx/CVE-2004-0125.json +++ b/2004/0xxx/CVE-2004-0125.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-04:12", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc" - }, - { - "name" : "10485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10485" - }, - { - "name" : "freebsd-jailed-table-modify(16342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freebsd-jailed-table-modify(16342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16342" + }, + { + "name": "10485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10485" + }, + { + "name": "FreeBSD-SA-04:12", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0838.json b/2004/0xxx/CVE-2004-0838.json index 7c96dcc1060..b364c2b1f3c 100644 --- a/2004/0xxx/CVE-2004-0838.json +++ b/2004/0xxx/CVE-2004-0838.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A091304-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a091304-1.txt" - }, - { - "name" : "11162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11162" - }, - { - "name" : "12522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12522" - }, - { - "name" : "jumpdrive-safeguard-obtain-password(17342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11162" + }, + { + "name": "12522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12522" + }, + { + "name": "A091304-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a091304-1.txt" + }, + { + "name": "jumpdrive-safeguard-obtain-password(17342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17342" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0970.json b/2004/0xxx/CVE-2004-0970.json index 19723ec453d..c6b5f512ae1 100644 --- a/2004/0xxx/CVE-2004-0970.json +++ b/2004/0xxx/CVE-2004-0970.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zataz.net/adviso/ncompress-09052005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/ncompress-09052005.txt" - }, - { - "name" : "DSA-588", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-588" - }, - { - "name" : "2004-0050", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0050" - }, - { - "name" : "11288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11288" - }, - { - "name" : "13131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13131" - }, - { - "name" : "script-temporary-file-overwrite(17583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "script-temporary-file-overwrite(17583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" + }, + { + "name": "11288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11288" + }, + { + "name": "2004-0050", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0050" + }, + { + "name": "DSA-588", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-588" + }, + { + "name": "13131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13131" + }, + { + "name": "http://www.zataz.net/adviso/ncompress-09052005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/ncompress-09052005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1704.json b/2004/1xxx/CVE-2004-1704.json index c5f27e39127..20eb3ca44e6 100644 --- a/2004/1xxx/CVE-2004-1704.json +++ b/2004/1xxx/CVE-2004-1704.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040730 WpQuiz Gain Admin Rightd Exploit found", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109122270013514&w=2" - }, - { - "name" : "8321", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8321" - }, - { - "name" : "wpquiz-extra-gain-access(16848)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8321", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8321" + }, + { + "name": "20040730 WpQuiz Gain Admin Rightd Exploit found", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109122270013514&w=2" + }, + { + "name": "wpquiz-extra-gain-access(16848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16848" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1764.json b/2004/1xxx/CVE-2004-1764.json index c0963673533..03ff3e21856 100644 --- a/2004/1xxx/CVE-2004-1764.json +++ b/2004/1xxx/CVE-2004-1764.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0401-308", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/6237" - }, - { - "name" : "VU#406406", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/406406" - }, - { - "name" : "O-057", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-057.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5789", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5789" - }, - { - "name" : "hp-libdtsvc-bo(14828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "O-057", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-057.shtml" + }, + { + "name": "hp-libdtsvc-bo(14828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14828" + }, + { + "name": "VU#406406", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/406406" + }, + { + "name": "oval:org.mitre.oval:def:5789", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5789" + }, + { + "name": "HPSBUX0401-308", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/6237" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2179.json b/2004/2xxx/CVE-2004-2179.json index 5420a82df09..5bf0c20da84 100644 --- a/2004/2xxx/CVE-2004-2179.json +++ b/2004/2xxx/CVE-2004-2179.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/378431" - }, - { - "name" : "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/378619" - }, - { - "name" : "11412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/378619" + }, + { + "name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/378431" + }, + { + "name": "11412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11412" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2295.json b/2004/2xxx/CVE-2004-2295.json index 007e145fe2c..796528476a6 100644 --- a/2004/2xxx/CVE-2004-2295.json +++ b/2004/2xxx/CVE-2004-2295.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/365865" - }, - { - "name" : "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html" - }, - { - "name" : "10524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10524" - }, - { - "name" : "7000", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7000" - }, - { - "name" : "11852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11852" - }, - { - "name" : "phpnuke-reviews-sql-injection(16407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html" + }, + { + "name": "7000", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7000" + }, + { + "name": "phpnuke-reviews-sql-injection(16407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16407" + }, + { + "name": "11852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11852" + }, + { + "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/365865" + }, + { + "name": "10524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10524" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2521.json b/2004/2xxx/CVE-2004-2521.json index f8254e24cbb..a9b242e5163 100644 --- a/2004/2xxx/CVE-2004-2521.json +++ b/2004/2xxx/CVE-2004-2521.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt" - }, - { - "name" : "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0", - "refsource" : "CONFIRM", - "url" : "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0" - }, - { - "name" : "7925", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7925" - }, - { - "name" : "1010703", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010703" - }, - { - "name" : "12071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12071" - }, - { - "name" : "gattaca-pop3-dos(16703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt" + }, + { + "name": "gattaca-pop3-dos(16703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16703" + }, + { + "name": "12071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12071" + }, + { + "name": "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0", + "refsource": "CONFIRM", + "url": "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0" + }, + { + "name": "1010703", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010703" + }, + { + "name": "7925", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7925" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2013.json b/2008/2xxx/CVE-2008-2013.json index 5dcce803266..0b12c8aeedc 100644 --- a/2008/2xxx/CVE-2008-2013.json +++ b/2008/2xxx/CVE-2008-2013.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5500", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5500" - }, - { - "name" : "28948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28948" - }, - { - "name" : "pnflashgames-id-sql-injection(42019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28948" + }, + { + "name": "5500", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5500" + }, + { + "name": "pnflashgames-id-sql-injection(42019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42019" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2477.json b/2008/2xxx/CVE-2008-2477.json index f47f8c7a9a4..3bb599ab78f 100644 --- a/2008/2xxx/CVE-2008-2477.json +++ b/2008/2xxx/CVE-2008-2477.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5659", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5659" - }, - { - "name" : "29307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29307" - }, - { - "name" : "ADV-2008-1593", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1593/references" - }, - { - "name" : "30318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30318" - }, - { - "name" : "mxsystem-index-sql-injection(42551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5659", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5659" + }, + { + "name": "ADV-2008-1593", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1593/references" + }, + { + "name": "29307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29307" + }, + { + "name": "mxsystem-index-sql-injection(42551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42551" + }, + { + "name": "30318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30318" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2803.json b/2008/2xxx/CVE-2008-2803.json index 3311538c769..14d1d57e37d 100644 --- a/2008/2xxx/CVE-2008-2803.json +++ b/2008/2xxx/CVE-2008-2803.json @@ -1,332 +1,332 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0216-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418356", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418356" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2646", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2646" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" - }, - { - "name" : "DSA-1607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1607" - }, - { - "name" : "DSA-1615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1615" - }, - { - "name" : "DSA-1621", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1621" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "FEDORA-2008-6127", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" - }, - { - "name" : "FEDORA-2008-6193", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" - }, - { - "name" : "FEDORA-2008-6196", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" - }, - { - "name" : "FEDORA-2008-6706", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" - }, - { - "name" : "FEDORA-2008-6737", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" - }, - { - "name" : "GLSA-200808-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" - }, - { - "name" : "MDVSA-2008:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" - }, - { - "name" : "MDVSA-2008:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" - }, - { - "name" : "RHSA-2008:0547", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html" - }, - { - "name" : "RHSA-2008:0549", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html" - }, - { - "name" : "RHSA-2008:0569", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html" - }, - { - "name" : "RHSA-2008:0616", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" - }, - { - "name" : "SSA:2008-191-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" - }, - { - "name" : "SSA:2008-210-05", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" - }, - { - "name" : "SSA:2008-191", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:034", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" - }, - { - "name" : "USN-619-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-619-1" - }, - { - "name" : "USN-629-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-629-1" - }, - { - "name" : "30038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30038" - }, - { - "name" : "oval:org.mitre.oval:def:10747", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10747" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "31076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31076" - }, - { - "name" : "ADV-2008-1993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1993/references" - }, - { - "name" : "1020419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020419" - }, - { - "name" : "30911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30911" - }, - { - "name" : "30915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30915" - }, - { - "name" : "30878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30878" - }, - { - "name" : "30898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30898" - }, - { - "name" : "30903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30903" - }, - { - "name" : "30949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30949" - }, - { - "name" : "31005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31005" - }, - { - "name" : "31008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31008" - }, - { - "name" : "31069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31069" - }, - { - "name" : "31023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31023" - }, - { - "name" : "31183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31183" - }, - { - "name" : "31195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31195" - }, - { - "name" : "31220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31220" - }, - { - "name" : "31253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31253" - }, - { - "name" : "31377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31377" - }, - { - "name" : "31286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31286" - }, - { - "name" : "31403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31403" - }, - { - "name" : "31021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31021" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:034", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" + }, + { + "name": "RHSA-2008:0549", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "31021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31021" + }, + { + "name": "30898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30898" + }, + { + "name": "31403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31403" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2646", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2646" + }, + { + "name": "30949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30949" + }, + { + "name": "SSA:2008-191-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "31069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31069" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=418356", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=418356" + }, + { + "name": "31008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31008" + }, + { + "name": "31377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31377" + }, + { + "name": "RHSA-2008:0616", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" + }, + { + "name": "ADV-2008-1993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1993/references" + }, + { + "name": "31023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31023" + }, + { + "name": "MDVSA-2008:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" + }, + { + "name": "30038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30038" + }, + { + "name": "30915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30915" + }, + { + "name": "DSA-1607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1607" + }, + { + "name": "GLSA-200808-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" + }, + { + "name": "oval:org.mitre.oval:def:10747", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10747" + }, + { + "name": "31005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31005" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "FEDORA-2008-6127", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" + }, + { + "name": "1020419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020419" + }, + { + "name": "31253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31253" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" + }, + { + "name": "FEDORA-2008-6737", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" + }, + { + "name": "31183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31183" + }, + { + "name": "30903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30903" + }, + { + "name": "RHSA-2008:0547", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" + }, + { + "name": "FEDORA-2008-6193", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" + }, + { + "name": "USN-629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-629-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "SSA:2008-191", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" + }, + { + "name": "SSA:2008-210-05", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" + }, + { + "name": "DSA-1615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1615" + }, + { + "name": "FEDORA-2008-6706", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" + }, + { + "name": "31220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31220" + }, + { + "name": "31195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31195" + }, + { + "name": "31076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31076" + }, + { + "name": "USN-619-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-619-1" + }, + { + "name": "30911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30911" + }, + { + "name": "RHSA-2008:0569", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" + }, + { + "name": "30878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30878" + }, + { + "name": "DSA-1621", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1621" + }, + { + "name": "20080708 rPSA-2008-0216-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" + }, + { + "name": "31286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31286" + }, + { + "name": "FEDORA-2008-6196", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "MDVSA-2008:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6189.json b/2008/6xxx/CVE-2008-6189.json index a51502a9c2f..840e2e7e85e 100644 --- a/2008/6xxx/CVE-2008-6189.json +++ b/2008/6xxx/CVE-2008-6189.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105", - "refsource" : "CONFIRM", - "url" : "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105" - }, - { - "name" : "32217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32217" - }, - { - "name" : "gforge-topusers-sql-injection(45802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32217" + }, + { + "name": "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105", + "refsource": "CONFIRM", + "url": "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105" + }, + { + "name": "gforge-topusers-sql-injection(45802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45802" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6774.json b/2008/6xxx/CVE-2008-6774.json index 94334f6547c..313917ae171 100644 --- a/2008/6xxx/CVE-2008-6774.json +++ b/2008/6xxx/CVE-2008-6774.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33272" - }, - { - "name" : "yourplace-edit-security-bypass(47566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yourplace-edit-security-bypass(47566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47566" + }, + { + "name": "33272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33272" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1552.json b/2012/1xxx/CVE-2012-1552.json index 09a7d12c1cc..21a494cb22e 100644 --- a/2012/1xxx/CVE-2012-1552.json +++ b/2012/1xxx/CVE-2012-1552.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1552", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1552", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1846.json b/2012/1xxx/CVE-2012-1846.json index 958ce585dc7..3c312abd4ae 100644 --- a/2012/1xxx/CVE-2012-1846.json +++ b/2012/1xxx/CVE-2012-1846.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated \"it really doesn't matter if it's third-party code.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pwn2own.zerodayinitiative.com/status.html", - "refsource" : "MISC", - "url" : "http://pwn2own.zerodayinitiative.com/status.html" - }, - { - "name" : "http://twitter.com/vupen/statuses/177576000761237505", - "refsource" : "MISC", - "url" : "http://twitter.com/vupen/statuses/177576000761237505" - }, - { - "name" : "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/" - }, - { - "name" : "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588", - "refsource" : "MISC", - "url" : "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588" - }, - { - "name" : "oval:org.mitre.oval:def:14940", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940" - }, - { - "name" : "chrome-sandbox-security-bypass(74324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated \"it really doesn't matter if it's third-party code.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pwn2own.zerodayinitiative.com/status.html", + "refsource": "MISC", + "url": "http://pwn2own.zerodayinitiative.com/status.html" + }, + { + "name": "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/" + }, + { + "name": "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588", + "refsource": "MISC", + "url": "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588" + }, + { + "name": "http://twitter.com/vupen/statuses/177576000761237505", + "refsource": "MISC", + "url": "http://twitter.com/vupen/statuses/177576000761237505" + }, + { + "name": "oval:org.mitre.oval:def:14940", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940" + }, + { + "name": "chrome-sandbox-security-bypass(74324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74324" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5260.json b/2012/5xxx/CVE-2012-5260.json index ded44dec2ba..89b31c81677 100644 --- a/2012/5xxx/CVE-2012-5260.json +++ b/2012/5xxx/CVE-2012-5260.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" - }, - { - "name" : "openSUSE-SU-2013:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" - }, - { - "name" : "86037", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86037" - }, - { - "name" : "adobe-cve20125260-bo(79081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" + }, + { + "name": "86037", + "refsource": "OSVDB", + "url": "http://osvdb.org/86037" + }, + { + "name": "adobe-cve20125260-bo(79081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79081" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5483.json b/2012/5xxx/CVE-2012-5483.json index 6f336c3fdff..6c58d2820e3 100644 --- a/2012/5xxx/CVE-2012-5483.json +++ b/2012/5xxx/CVE-2012-5483.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=873447", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=873447" - }, - { - "name" : "FEDORA-2012-19341", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html" - }, - { - "name" : "RHSA-2012:1556", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1556.html" - }, - { - "name" : "56888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56888" - }, - { - "name" : "keystone-secret-key-info-disc(80612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56888" + }, + { + "name": "RHSA-2012:1556", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=873447", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873447" + }, + { + "name": "keystone-secret-key-info-disc(80612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612" + }, + { + "name": "FEDORA-2012-19341", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5570.json b/2012/5xxx/CVE-2012-5570.json index 0d1a2123a97..7b5a8102777 100644 --- a/2012/5xxx/CVE-2012-5570.json +++ b/2012/5xxx/CVE-2012-5570.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5573.json b/2012/5xxx/CVE-2012-5573.json index 90f4d031b51..d59b4587fc4 100644 --- a/2012/5xxx/CVE-2012-5573.json +++ b/2012/5xxx/CVE-2012-5573.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121126 Re: tor DoS via SENDME cells", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/11/26/11" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=444804", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=444804" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880310", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=880310" - }, - { - "name" : "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/6252", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/6252" - }, - { - "name" : "GLSA-201301-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-03.xml" - }, - { - "name" : "51329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51329" - }, - { - "name" : "tor-sendme-dos(80289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201301-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/6252", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/6252" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=444804", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=444804" + }, + { + "name": "51329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51329" + }, + { + "name": "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16" + }, + { + "name": "[oss-security] 20121126 Re: tor DoS via SENDME cells", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/11/26/11" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes" + }, + { + "name": "tor-sendme-dos(80289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80289" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880310", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880310" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5678.json b/2012/5xxx/CVE-2012-5678.json index ce911f8f980..787d6e7ca9e 100644 --- a/2012/5xxx/CVE-2012-5678.json +++ b/2012/5xxx/CVE-2012-5678.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html" - }, - { - "name" : "openSUSE-SU-2013:0139", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0368", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0368", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html" + }, + { + "name": "openSUSE-SU-2013:0139", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-27.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5977.json b/2012/5xxx/CVE-2012-5977.json index e3465457f57..af932a20b35 100644 --- a/2012/5xxx/CVE-2012-5977.json +++ b/2012/5xxx/CVE-2012-5977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-015", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-015" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-20175", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-20175" - }, - { - "name" : "DSA-2605", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2605", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2605" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-20175", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-015", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-015" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11240.json b/2017/11xxx/CVE-2017-11240.json index 0b94db42c32..b6cf5c78e56 100644 --- a/2017/11xxx/CVE-2017-11240.json +++ b/2017/11xxx/CVE-2017-11240.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11547.json b/2017/11xxx/CVE-2017-11547.json index 7af3a1d46a6..e6a4fe18f1d 100644 --- a/2017/11xxx/CVE-2017-11547.json +++ b/2017/11xxx/CVE-2017-11547.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/83", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/83" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/83", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/83" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11608.json b/2017/11xxx/CVE-2017-11608.json index 2f812d3fd34..0cc0823fe4d 100644 --- a/2017/11xxx/CVE-2017-11608.json +++ b/2017/11xxx/CVE-2017-11608.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1474276", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1474276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1474276", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474276" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11857.json b/2017/11xxx/CVE-2017-11857.json index b21dec465fe..31b7eb73441 100644 --- a/2017/11xxx/CVE-2017-11857.json +++ b/2017/11xxx/CVE-2017-11857.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11857", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11857", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15399.json b/2017/15xxx/CVE-2017-15399.json index ac84119222f..d284933a8c9 100644 --- a/2017/15xxx/CVE-2017-15399.json +++ b/2017/15xxx/CVE-2017-15399.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 62.0.3202.89 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 62.0.3202.89 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 62.0.3202.89 unknown", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 62.0.3202.89 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/776677", - "refsource" : "MISC", - "url" : "https://crbug.com/776677" - }, - { - "name" : "DSA-4024", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4024" - }, - { - "name" : "GLSA-201711-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-02" - }, - { - "name" : "RHSA-2017:3151", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3151" - }, - { - "name" : "101692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html" + }, + { + "name": "101692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101692" + }, + { + "name": "DSA-4024", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4024" + }, + { + "name": "https://crbug.com/776677", + "refsource": "MISC", + "url": "https://crbug.com/776677" + }, + { + "name": "GLSA-201711-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-02" + }, + { + "name": "RHSA-2017:3151", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3151" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15947.json b/2017/15xxx/CVE-2017-15947.json index ff7575793d0..515360a6693 100644 --- a/2017/15xxx/CVE-2017-15947.json +++ b/2017/15xxx/CVE-2017-15947.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=2072", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=2072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=2072", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=2072" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3247.json b/2017/3xxx/CVE-2017-3247.json index af8adf5bddf..629e4507690 100644 --- a/2017/3xxx/CVE-2017-3247.json +++ b/2017/3xxx/CVE-2017-3247.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GlassFish Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "3.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GlassFish Server", + "version": { + "version_data": [ + { + "version_value": "2.1.1" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "3.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95483" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3480.json b/2017/3xxx/CVE-2017-3480.json index 0b1e12072d7..6573739b4d5 100644 --- a/2017/3xxx/CVE-2017-3480.json +++ b/2017/3xxx/CVE-2017-3480.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3.0" - }, - { - "version_affected" : "=", - "version_value" : "11.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3.0" + }, + { + "version_affected": "=", + "version_value": "11.4.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97832" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97832" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3701.json b/2017/3xxx/CVE-2017-3701.json index 4f58250f723..f52d7727d43 100644 --- a/2017/3xxx/CVE-2017-3701.json +++ b/2017/3xxx/CVE-2017-3701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3819.json b/2017/3xxx/CVE-2017-3819.json index fa4a514f670..2293a03ba62 100644 --- a/2017/3xxx/CVE-2017-3819.json +++ b/2017/3xxx/CVE-2017-3819.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco StarOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco StarOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation Vulnerability CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco StarOS", + "version": { + "version_data": [ + { + "version_value": "Cisco StarOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr" - }, - { - "name" : "96913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96913" - }, - { - "name" : "1038050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation Vulnerability CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96913" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr" + }, + { + "name": "1038050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038050" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3870.json b/2017/3xxx/CVE-2017-3870.json index 420fb6b4ad6..b8368b86856 100644 --- a/2017/3xxx/CVE-2017-3870.json +++ b/2017/3xxx/CVE-2017-3870.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Web Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Web Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Filtering Bypass Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Web Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa" - }, - { - "name" : "96907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96907" - }, - { - "name" : "1038043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Filtering Bypass Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa" + }, + { + "name": "96907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96907" + }, + { + "name": "1038043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038043" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7210.json b/2017/7xxx/CVE-2017-7210.json index fb0a0564bf6..3678c14fdda 100644 --- a/2017/7xxx/CVE-2017-7210.json +++ b/2017/7xxx/CVE-2017-7210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21157", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - }, - { - "name" : "GLSA-201801-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-01" - }, - { - "name" : "96992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96992" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" + }, + { + "name": "GLSA-201801-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7620.json b/2017/7xxx/CVE-2017-7620.json index 2e2b9b449ce..0d53337e8a6 100644 --- a/2017/7xxx/CVE-2017-7620.json +++ b/2017/7xxx/CVE-2017-7620.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42043", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42043/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt" - }, - { - "name" : "https://mantisbt.org/bugs/view.php?id=22702", - "refsource" : "CONFIRM", - "url" : "https://mantisbt.org/bugs/view.php?id=22702" - }, - { - "name" : "https://mantisbt.org/bugs/view.php?id=22816", - "refsource" : "CONFIRM", - "url" : "https://mantisbt.org/bugs/view.php?id=22816" - }, - { - "name" : "1038538", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://mantisbt.org/bugs/view.php?id=22816", + "refsource": "CONFIRM", + "url": "https://mantisbt.org/bugs/view.php?id=22816" + }, + { + "name": "1038538", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038538" + }, + { + "name": "42043", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42043/" + }, + { + "name": "https://mantisbt.org/bugs/view.php?id=22702", + "refsource": "CONFIRM", + "url": "https://mantisbt.org/bugs/view.php?id=22702" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8096.json b/2017/8xxx/CVE-2017-8096.json index 98fb292030c..96c8ba8a930 100644 --- a/2017/8xxx/CVE-2017-8096.json +++ b/2017/8xxx/CVE-2017-8096.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8096", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8096", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8760.json b/2017/8xxx/CVE-2017-8760.json index ebbf5d954d5..1ecb037a6db 100644 --- a/2017/8xxx/CVE-2017-8760.json +++ b/2017/8xxx/CVE-2017-8760.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb", - "refsource" : "MISC", - "url" : "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb", + "refsource": "MISC", + "url": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10378.json b/2018/10xxx/CVE-2018-10378.json index e604634e5b6..d8253b3c0e9 100644 --- a/2018/10xxx/CVE-2018-10378.json +++ b/2018/10xxx/CVE-2018-10378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10378", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10378", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12014.json b/2018/12xxx/CVE-2018-12014.json index 10350e1c692..b6541b91584 100644 --- a/2018/12xxx/CVE-2018-12014.json +++ b/2018/12xxx/CVE-2018-12014.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-12014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in HLOS Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-12014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin" - }, - { - "name" : "106496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in HLOS Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin" + }, + { + "name": "106496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106496" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12451.json b/2018/12xxx/CVE-2018-12451.json index e9285e1fae6..bdb650c4c8d 100644 --- a/2018/12xxx/CVE-2018-12451.json +++ b/2018/12xxx/CVE-2018-12451.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12451", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12451", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12466.json b/2018/12xxx/CVE-2018-12466.json index 21d59d513fd..97394fa91d7 100644 --- a/2018/12xxx/CVE-2018-12466.json +++ b/2018/12xxx/CVE-2018-12466.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2018-07-24T00:00:00.000Z", - "ID" : "CVE-2018-12466", - "STATE" : "PUBLIC", - "TITLE" : "openbuildservice allowed deleting packages via project links" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openbuildservice", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "2.9.4" - } - ] - } - } - ] - }, - "vendor_name" : "opensuse" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Marcus Hüwe" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 4.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-07-24T00:00:00.000Z", + "ID": "CVE-2018-12466", + "STATE": "PUBLIC", + "TITLE": "openbuildservice allowed deleting packages via project links" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openbuildservice", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "2.9.4" + } + ] + } + } + ] + }, + "vendor_name": "opensuse" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466" - }, - { - "name" : "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063" - }, - { - "name" : "104958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104958" - } - ] - }, - "source" : { - "defect" : [ - "1098934" - ], - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Marcus H\u00fcwe" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104958" + }, + { + "name": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466" + } + ] + }, + "source": { + "defect": [ + "1098934" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12473.json b/2018/12xxx/CVE-2018-12473.json index 5b751cd35d8..640dfb206db 100644 --- a/2018/12xxx/CVE-2018-12473.json +++ b/2018/12xxx/CVE-2018-12473.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2018-09-26T00:00:00.000Z", - "ID" : "CVE-2018-12473", - "STATE" : "PUBLIC", - "TITLE" : "path traversal in obs-service-tar_scm" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Build Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "70d1aa4cc4d7b940180553a63805c22fc62e2cf0" - } - ] - } - } - ] - }, - "vendor_name" : "openSUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Ludwig Nussel of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 3.1, - "baseSeverity" : "LOW", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-23, path traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12473", + "STATE": "PUBLIC", + "TITLE": "path traversal in obs-service-tar_scm" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "70d1aa4cc4d7b940180553a63805c22fc62e2cf0" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1105361", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1105361" - }, - { - "name" : "https://github.com/openSUSE/obs-service-tar_scm/pull/248", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/obs-service-tar_scm/pull/248" - } - ] - }, - "source" : { - "advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1105361", - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1105361" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Ludwig Nussel of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23, path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1105361", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1105361" + }, + { + "name": "https://github.com/openSUSE/obs-service-tar_scm/pull/248", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/obs-service-tar_scm/pull/248" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1105361", + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1105361" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12989.json b/2018/12xxx/CVE-2018-12989.json index d8c0354b79c..bab912669da 100644 --- a/2018/12xxx/CVE-2018-12989.json +++ b/2018/12xxx/CVE-2018-12989.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://computeco.de/2018-07-29_1.html", - "refsource" : "MISC", - "url" : "https://computeco.de/2018-07-29_1.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://computeco.de/2018-07-29_1.html", + "refsource": "MISC", + "url": "https://computeco.de/2018-07-29_1.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13506.json b/2018/13xxx/CVE-2018-13506.json index 6a3927b5cf3..326dde2cbf4 100644 --- a/2018/13xxx/CVE-2018-13506.json +++ b/2018/13xxx/CVE-2018-13506.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13936.json b/2018/13xxx/CVE-2018-13936.json index 8e793914a32..164da987512 100644 --- a/2018/13xxx/CVE-2018-13936.json +++ b/2018/13xxx/CVE-2018-13936.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13936", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13936", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16655.json b/2018/16xxx/CVE-2018-16655.json index 7946fa90d00..aadf78ab53f 100644 --- a/2018/16xxx/CVE-2018-16655.json +++ b/2018/16xxx/CVE-2018-16655.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html", - "refsource" : "MISC", - "url" : "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html" - }, - { - "name" : "https://lengjibo.github.io/gxlcms/", - "refsource" : "MISC", - "url" : "https://lengjibo.github.io/gxlcms/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lengjibo.github.io/gxlcms/", + "refsource": "MISC", + "url": "https://lengjibo.github.io/gxlcms/" + }, + { + "name": "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html", + "refsource": "MISC", + "url": "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16951.json b/2018/16xxx/CVE-2018-16951.json index acc5679b3fa..c3a28cc0314 100644 --- a/2018/16xxx/CVE-2018-16951.json +++ b/2018/16xxx/CVE-2018-16951.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ysrc/xunfeng/issues/176", - "refsource" : "MISC", - "url" : "https://github.com/ysrc/xunfeng/issues/176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ysrc/xunfeng/issues/176", + "refsource": "MISC", + "url": "https://github.com/ysrc/xunfeng/issues/176" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17159.json b/2018/17xxx/CVE-2018-17159.json index e4524508795..56e62ab265d 100644 --- a/2018/17xxx/CVE-2018-17159.json +++ b/2018/17xxx/CVE-2018-17159.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "ID" : "CVE-2018-17159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p5" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Kernel improper bounds checking" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2018-17159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p5" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/" - }, - { - "name" : "FreeBSD-SA-18:13", - "refsource" : "FREEBSD", - "url" : "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc" - }, - { - "name" : "106192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106192" - }, - { - "name" : "1042164", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Kernel improper bounds checking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106192" + }, + { + "name": "FreeBSD-SA-18:13", + "refsource": "FREEBSD", + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc" + }, + { + "name": "1042164", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042164" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17173.json b/2018/17xxx/CVE-2018-17173.json index b0a87b77902..6e01f6b9db0 100644 --- a/2018/17xxx/CVE-2018-17173.json +++ b/2018/17xxx/CVE-2018-17173.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45448", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45448/" - }, - { - "name" : "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html", - "refsource" : "MISC", - "url" : "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45448", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45448/" + }, + { + "name": "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html", + "refsource": "MISC", + "url": "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17635.json b/2018/17xxx/CVE-2018-17635.json index 8b601dd3c8a..a1c975a78cb 100644 --- a/2018/17xxx/CVE-2018-17635.json +++ b/2018/17xxx/CVE-2018-17635.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17696.json b/2018/17xxx/CVE-2018-17696.json index dee565422a6..2c824a4ab5b 100644 --- a/2018/17xxx/CVE-2018-17696.json +++ b/2018/17xxx/CVE-2018-17696.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17884.json b/2018/17xxx/CVE-2018-17884.json index 82e31bdedf0..7b97c58fd3c 100644 --- a/2018/17xxx/CVE-2018-17884.json +++ b/2018/17xxx/CVE-2018-17884.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf" - }, - { - "name" : "https://seclists.org/bugtraq/2018/Jul/74", - "refsource" : "MISC", - "url" : "https://seclists.org/bugtraq/2018/Jul/74" - }, - { - "name" : "https://wordpress.org/plugins/gwolle-gb/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/gwolle-gb/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/bugtraq/2018/Jul/74", + "refsource": "MISC", + "url": "https://seclists.org/bugtraq/2018/Jul/74" + }, + { + "name": "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf", + "refsource": "MISC", + "url": "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf" + }, + { + "name": "https://wordpress.org/plugins/gwolle-gb/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/gwolle-gb/#developers" + } + ] + } +} \ No newline at end of file