From af80621d210a9de2d6686c84c0cb4286dcd46740 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 06:59:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0240.json | 140 ++++++------- 2002/0xxx/CVE-2002-0278.json | 140 ++++++------- 2002/0xxx/CVE-2002-0373.json | 140 ++++++------- 2002/0xxx/CVE-2002-0654.json | 170 ++++++++-------- 2002/0xxx/CVE-2002-0931.json | 160 +++++++-------- 2002/1xxx/CVE-2002-1393.json | 310 ++++++++++++++--------------- 2002/1xxx/CVE-2002-1538.json | 140 ++++++------- 2002/2xxx/CVE-2002-2042.json | 140 ++++++------- 2002/2xxx/CVE-2002-2208.json | 230 ++++++++++----------- 2002/2xxx/CVE-2002-2364.json | 130 ++++++------ 2003/0xxx/CVE-2003-0646.json | 130 ++++++------ 2003/0xxx/CVE-2003-0730.json | 270 ++++++++++++------------- 2009/5xxx/CVE-2009-5074.json | 120 +++++------ 2012/0xxx/CVE-2012-0161.json | 170 ++++++++-------- 2012/0xxx/CVE-2012-0270.json | 160 +++++++-------- 2012/0xxx/CVE-2012-0473.json | 200 +++++++++---------- 2012/0xxx/CVE-2012-0847.json | 150 +++++++------- 2012/1xxx/CVE-2012-1346.json | 120 +++++------ 2012/3xxx/CVE-2012-3256.json | 140 ++++++------- 2012/3xxx/CVE-2012-3270.json | 160 +++++++-------- 2012/3xxx/CVE-2012-3404.json | 180 ++++++++--------- 2012/3xxx/CVE-2012-3559.json | 120 +++++------ 2012/4xxx/CVE-2012-4071.json | 160 +++++++-------- 2012/4xxx/CVE-2012-4430.json | 220 ++++++++++---------- 2012/4xxx/CVE-2012-4593.json | 120 +++++------ 2012/4xxx/CVE-2012-4777.json | 180 ++++++++--------- 2012/4xxx/CVE-2012-4791.json | 140 ++++++------- 2017/1002xxx/CVE-2017-1002026.json | 138 ++++++------- 2017/2xxx/CVE-2017-2016.json | 34 ++-- 2017/2xxx/CVE-2017-2845.json | 132 ++++++------ 2017/2xxx/CVE-2017-2851.json | 132 ++++++------ 2017/3xxx/CVE-2017-3695.json | 34 ++-- 2017/6xxx/CVE-2017-6248.json | 140 ++++++------- 2017/6xxx/CVE-2017-6495.json | 34 ++-- 2017/6xxx/CVE-2017-6555.json | 130 ++++++------ 2017/6xxx/CVE-2017-6688.json | 130 ++++++------ 2017/6xxx/CVE-2017-6845.json | 120 +++++------ 2017/7xxx/CVE-2017-7649.json | 132 ++++++------ 
2017/7xxx/CVE-2017-7984.json | 130 ++++++------ 2018/10xxx/CVE-2018-10931.json | 150 +++++++------- 2018/10xxx/CVE-2018-10934.json | 34 ++-- 2018/14xxx/CVE-2018-14108.json | 34 ++-- 2018/14xxx/CVE-2018-14251.json | 130 ++++++------ 2018/14xxx/CVE-2018-14993.json | 34 ++-- 2018/15xxx/CVE-2018-15153.json | 160 +++++++-------- 2018/15xxx/CVE-2018-15735.json | 34 ++-- 2018/20xxx/CVE-2018-20002.json | 150 +++++++------- 2018/20xxx/CVE-2018-20534.json | 130 ++++++------ 2018/20xxx/CVE-2018-20546.json | 150 +++++++------- 2018/20xxx/CVE-2018-20691.json | 34 ++-- 2018/9xxx/CVE-2018-9043.json | 120 +++++------ 2018/9xxx/CVE-2018-9401.json | 34 ++-- 2018/9xxx/CVE-2018-9838.json | 120 +++++------ 2018/9xxx/CVE-2018-9842.json | 180 ++++++++--------- 2018/9xxx/CVE-2018-9943.json | 130 ++++++------ 55 files changed, 3675 insertions(+), 3675 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0240.json b/2002/0xxx/CVE-2002-0240.json
index b93129b9973..5dd4d25299d 100644
--- a/2002/0xxx/CVE-2002-0240.json
+++ b/2002/0xxx/CVE-2002-0240.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020207 PHP Advisory #2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101311746611160&w=2" - }, - { - "name" : "4057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4057" - }, - { - "name" : "apache-php-options-information(8119)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8119.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname 
of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4057" + }, + { + "name": "20020207 PHP Advisory #2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101311746611160&w=2" + }, + { + "name": "apache-php-options-information(8119)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8119.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0278.json b/2002/0xxx/CVE-2002-0278.json index 5756f3ffdef..29b045b3d05 100644 --- a/2002/0xxx/CVE-2002-0278.json +++ b/2002/0xxx/CVE-2002-0278.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020214 Add2it Mailman command execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101371994219708&w=2" - }, - { - "name" : "http://www.add2it.com/scripts/mailman-free-history.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.add2it.com/scripts/mailman-free-history.shtml" - }, - { - "name" : "mailman-open-execute-commands(8202)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8202.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. 
(dot dot) in the list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mailman-open-execute-commands(8202)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8202.php" + }, + { + "name": "20020214 Add2it Mailman command execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101371994219708&w=2" + }, + { + "name": "http://www.add2it.com/scripts/mailman-free-history.shtml", + "refsource": "CONFIRM", + "url": "http://www.add2it.com/scripts/mailman-free-history.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0373.json b/2002/0xxx/CVE-2002-0373.json index c3436486e90..a3c77c4897b 100644 --- a/2002/0xxx/CVE-2002-0373.json +++ b/2002/0xxx/CVE-2002-0373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka \"Privilege Elevation through Windows Media Device Manager Service\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032" - }, - { - "name" : "mediaplayer-wmdm-privilege-elevation(9421)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9421.php" - }, - { - "name" : "5109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Media Device Manager (WMDM) Service in 
Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka \"Privilege Elevation through Windows Media Device Manager Service\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mediaplayer-wmdm-privilege-elevation(9421)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9421.php" + }, + { + "name": "5109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5109" + }, + { + "name": "MS02-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0654.json b/2002/0xxx/CVE-2002-0654.json index fb21359598f..2a72a6fc49d 100644 --- a/2002/0xxx/CVE-2002-0654.json +++ b/2002/0xxx/CVE-2002-0654.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020816 Apache 2.0.39 directory traversal and path disclosure bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102951160411052&w=2" - }, - { - "name" : "http://www.apache.org/dist/httpd/CHANGES_2.0", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/CHANGES_2.0" - }, - { - "name" : "5486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5486" - }, - { - "name" : "5485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5485" - }, - { - "name" : "apache-var-path-disclosure(9875)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/9875.php" - }, - { - "name" : "apache-cgi-path-disclosure(9876)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9876.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-cgi-path-disclosure(9876)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9876.php" + }, + { + "name": "http://www.apache.org/dist/httpd/CHANGES_2.0", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/CHANGES_2.0" + }, + { + "name": "5485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5485" + }, + { + "name": "apache-var-path-disclosure(9875)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9875.php" + }, + { + "name": "5486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5486" + }, + { + "name": "20020816 Apache 2.0.39 directory traversal and path disclosure bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102951160411052&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0931.json b/2002/0xxx/CVE-2002-0931.json index d44d3d1640b..0fb728bc5d5 100644 --- a/2002/0xxx/CVE-2002-0931.json +++ b/2002/0xxx/CVE-2002-0931.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the \"id\" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html" - }, - { - "name" : "4967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4967" - }, - { - "name" : "4970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4970" - }, - { - "name" : "myhelpdesk-new-ticket-xss(9319)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9319.php" - }, 
- { - "name" : "myhelpdesk-index-php-xss(9320)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9320.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the \"id\" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myhelpdesk-index-php-xss(9320)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9320.php" + }, + { + "name": "4970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4970" + }, + { + "name": "20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html" + }, + { + "name": "4967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4967" + }, + { + "name": "myhelpdesk-new-ticket-xss(9319)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9319.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1393.json b/2002/1xxx/CVE-2002-1393.json index 72a024575b7..6de4a84dd69 100644 --- a/2002/1xxx/CVE-2002-1393.json +++ b/2002/1xxx/CVE-2002-1393.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021221 KDE Security Advisory: Multiple vulnerabilities in KDE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104049734911544&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20021220-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20021220-1.txt" - }, - { - "name" : "CLA-2003:569", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569" - }, - { - "name" : "DSA-234", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-234" - }, - { - "name" : "DSA-235", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2003/dsa-235" - }, - { - "name" : "DSA-236", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-236" - }, - { - "name" : "DSA-237", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-237" - }, - { - "name" : "DSA-238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-238" - }, - { - "name" : "DSA-239", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-239" - }, - { - "name" : "DSA-240", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-240" - }, - { - "name" : "DSA-241", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-241" - }, - { - "name" : "DSA-242", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-242" - }, - { - "name" : "DSA-243", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-243" - }, - { - "name" : "MDKSA-2003:004", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:004" - }, - { - "name" : "20021222 GLSA: kde-3.0.x", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104066520330397&w=2" - }, - { - "name" : "RHSA-2003:002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-002.html" - }, - { - "name" : "RHSA-2003:003", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-003.html" - }, - { - "name" : "6462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6462" - }, - { - "name" : "8103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8103" - }, - { - "name" : "8067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in 
KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-243", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-243" + }, + { + "name": "DSA-236", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-236" + }, + { + "name": "DSA-234", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-234" + }, + { + "name": "DSA-242", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-242" + }, + { + "name": "DSA-235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-235" + }, + { + "name": "DSA-241", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-241" + }, + { + "name": "8103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8103" + }, + { + "name": "8067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8067" + }, + { + "name": "DSA-239", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-239" + }, + { + "name": "RHSA-2003:002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html" + }, + { + "name": "DSA-240", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-240" + }, + { + "name": "RHSA-2003:003", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-003.html" + }, + { + "name": "20021221 KDE Security Advisory: Multiple vulnerabilities in KDE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104049734911544&w=2" + }, + { + "name": "6462", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/6462" + }, + { + "name": "CLA-2003:569", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569" + }, + { + "name": "DSA-238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-238" + }, + { + "name": "MDKSA-2003:004", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:004" + }, + { + "name": "20021222 GLSA: kde-3.0.x", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104066520330397&w=2" + }, + { + "name": "http://www.kde.org/info/security/advisory-20021220-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20021220-1.txt" + }, + { + "name": "DSA-237", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-237" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1538.json b/2002/1xxx/CVE-2002-1538.json index ac2a807afca..00441b51780 100644 --- a/2002/1xxx/CVE-2002-1538.json +++ b/2002/1xxx/CVE-2002-1538.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html" - }, - { - "name" : "acusend-unauthorized-file-access(10473)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10473.php" - }, - { - "name" : "6048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose 
name is easily predictable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html" + }, + { + "name": "6048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6048" + }, + { + "name": "acusend-unauthorized-file-access(10473)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10473.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2042.json b/2002/2xxx/CVE-2002-2042.json index 1b1ac5a3d65..cbb965bd7d1 100644 --- a/2002/2xxx/CVE-2002-2042.json +++ b/2002/2xxx/CVE-2002-2042.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020603 QNX", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/275218" - }, - { - "name" : "4919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4919" - }, - { - "name" : "qnx-rtos-process-modification(9260)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9260.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running 
processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qnx-rtos-process-modification(9260)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9260.php" + }, + { + "name": "20020603 QNX", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/275218" + }, + { + "name": "4919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4919" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2208.json b/2002/2xxx/CVE-2002-2208.json index 69bc253d861..13ccf4307ec 100644 --- a/2002/2xxx/CVE-2002-2208.json +++ b/2002/2xxx/CVE-2002-2208.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021219 Cisco IOS EIGRP Network DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/304034" - }, - { - "name" : "20021219 Re: Cisco IOS EIGRP Network DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/304044" - }, - { - "name" : "20021220 Cisco's Response to the EIGRP Issue", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html" - }, - { - "name" : "20051219 Unauthenticated EIGRP DoS", - "refsource" : "FULLDISC", - "url" : 
"http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html" - }, - { - "name" : "20051220 RE: Authenticated EIGRP DoS / Information leak", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113504451523186&w=2" - }, - { - "name" : "20051220 Re: Unauthenticated EIGRP DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419898/100/0/threaded" - }, - { - "name" : "http://www.cisco.com/warp/public/707/eigrp_issue.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/warp/public/707/eigrp_issue.pdf" - }, - { - "name" : "6443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6443" - }, - { - "name" : "18055", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18055" - }, - { - "name" : "1005840", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005840" - }, - { - "name" : "7766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7766" - }, - { - "name" : "cisco-ios-eigrp-dos(10903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18055", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18055" + }, + { + "name": "20021219 Re: Cisco IOS EIGRP Network DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/304044" + }, + { + "name": "6443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6443" + }, + { + "name": "20021220 Cisco's Response to the EIGRP Issue", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html" + }, + { + "name": "7766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7766" + }, + { + "name": "1005840", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005840" + }, + { + "name": "20021219 Cisco IOS EIGRP Network DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/304034" + }, + { + "name": "http://www.cisco.com/warp/public/707/eigrp_issue.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/warp/public/707/eigrp_issue.pdf" + }, + { + "name": "20051220 Re: Unauthenticated EIGRP DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419898/100/0/threaded" + }, + { + "name": "20051219 Unauthenticated EIGRP DoS", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html" + }, + { + "name": "20051220 RE: Authenticated EIGRP DoS / Information leak", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113504451523186&w=2" + }, + { + "name": "cisco-ios-eigrp-dos(10903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10903" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/2xxx/CVE-2002-2364.json b/2002/2xxx/CVE-2002-2364.json index e2fb921a98d..c6569252a65 100644 --- a/2002/2xxx/CVE-2002-2364.json +++ b/2002/2xxx/CVE-2002-2364.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5124" - }, - { - "name" : "phpticket-html-xss(9452)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9452.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5124" + }, + { + "name": "phpticket-html-xss(9452)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9452.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0646.json b/2003/0xxx/CVE-2003-0646.json index 72fe6eaece0..18daf935dc3 100644 --- a/2003/0xxx/CVE-2003-0646.json +++ b/2003/0xxx/CVE-2003-0646.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030711 Trend Micro ActiveX Multiple Overflows", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006488.html" - }, - { - "name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274", - "refsource" : "CONFIRM", - "url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter 
strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274", + "refsource": "CONFIRM", + "url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274" + }, + { + "name": "20030711 Trend Micro ActiveX Multiple Overflows", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006488.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0730.json b/2003/0xxx/CVE-2003-0730.json index 8cd5d35e137..497b921797c 100644 --- a/2003/0xxx/CVE-2003-0730.json +++ b/2003/0xxx/CVE-2003-0730.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030830 Multiple integer overflows in XFree86 (local/remote)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106229335312429&w=2" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" - }, - { - "name" : "CLA-2004:821", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821" - }, - { - "name" : "DSA-380", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-380" - }, - { - "name" : "MDKSA-2003:089", - "refsource" : "MANDRAKE", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" - }, - { - "name" : "RHSA-2003:286", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-286.html" - }, - { - "name" : "RHSA-2003:288", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html" - }, - { - "name" : "RHSA-2003:289", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-289.html" - }, - { - "name" : "NetBSD-SA2003-015", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" - }, - { - "name" : "RHSA-2003:287", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-287.html" - }, - { - "name" : "20031101-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" - }, - { - "name" : "102803", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" - }, - { - "name" : "8514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8514" - }, - { - "name" : "ADV-2007-0589", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0589" - }, - { - "name" : "24168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24168" - }, - { - "name" : "24247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24168" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" + }, + { + "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106229335312429&w=2" + }, + { + "name": "CLA-2004:821", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821" + }, + { + "name": "ADV-2007-0589", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0589" + }, + { + "name": "8514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8514" + }, + { + "name": "20031101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" + }, + { + "name": "MDKSA-2003:089", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" + }, + { + "name": "RHSA-2003:289", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" + }, + { + "name": "102803", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" + }, + { + "name": "RHSA-2003:287", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" + }, + { + "name": "RHSA-2003:286", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" + }, + { + "name": "24247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24247" + }, + { + "name": "NetBSD-SA2003-015", + "refsource": "NETBSD", + "url": 
"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" + }, + { + "name": "DSA-380", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-380" + }, + { + "name": "RHSA-2003:288", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5074.json b/2009/5xxx/CVE-2009-5074.json index 2cea34702be..881d074e0b4 100644 --- a/2009/5xxx/CVE-2009-5074.json +++ b/2009/5xxx/CVE-2009-5074.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0161.json b/2012/0xxx/CVE-2012-0161.json index 0e020e469a3..27c5f643fb8 100644 --- a/2012/0xxx/CVE-2012-0161.json +++ b/2012/0xxx/CVE-2012-0161.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \".NET Framework Serialization Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035" - }, - { - "name" : "TA12-129A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" - }, - { - "name" : "53357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53357" - }, - { - "name" : "oval:org.mitre.oval:def:14951", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14951" - }, - { - "name" : "1027036", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027036" - }, - { - "name" : "49117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \".NET Framework Serialization Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14951", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14951" + }, + { + "name": "53357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53357" + }, + { + "name": "1027036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027036" + }, + { + "name": "MS12-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035" + }, + { + "name": "TA12-129A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" + }, + { + "name": "49117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49117" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0270.json b/2012/0xxx/CVE-2012-0270.json index e02b9c95775..da0d00d75c7 100644 
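Review bot: The `"ASSIGNER"` value for CVE-2012-0161 changes from `cve@mitre.org` to `secure@microsoft.com` on the new side, a content change inside what is otherwise a whitespace reformat and a reordering of `reference_data`. The hunks for CVE-2012-0270 (`PSIRT-CNA@flexerasoftware.com`) and CVE-2012-0847 (`secalert@redhat.com`) do the same, while the other records visible here keep `cve@mitre.org`. Consumers may rely on this field to attribute a record to its CNA, so the reassignments should either go in their own commit or be named in the commit subject, for example `Reassign ASSIGNER for CVE-2012-0161, CVE-2012-0270, CVE-2012-0847`. An audit of the history then does not have to pick them out of formatting-only lines.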
--- a/2012/0xxx/CVE-2012-0270.json +++ b/2012/0xxx/CVE-2012-0270.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2012-3/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2012-3/" - }, - { - "name" : "http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view" - }, - { - "name" : "openSUSE-SU-2012:0315", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html" - }, - { - "name" : "openSUSE-SU-2012:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html" - }, 
- { - "name" : "47585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2012-3/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2012-3/" + }, + { + "name": "47585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47585" + }, + { + "name": "http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view" + }, + { + "name": "openSUSE-SU-2012:0315", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html" + }, + { + "name": "openSUSE-SU-2012:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0473.json b/2012/0xxx/CVE-2012-0473.json index 867b85b17b2..0b8bd3edd1e 100644 --- a/2012/0xxx/CVE-2012-0473.json +++ b/2012/0xxx/CVE-2012-0473.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-26.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=743475", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=743475" - }, - { - "name" : "MDVSA-2012:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" - }, - { - "name" : "MDVSA-2012:081", - 
"refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" - }, - { - "name" : "53231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53231" - }, - { - "name" : "oval:org.mitre.oval:def:16113", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113" - }, - { - "name" : "48972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48972" - }, - { - "name" : "49047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49047" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16113", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-26.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-26.html" + }, + { + "name": "53231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53231" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "MDVSA-2012:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=743475", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=743475" + }, + { + "name": "48972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48972" + }, + { + "name": "MDVSA-2012:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" + }, + { + "name": "49047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49047" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0847.json b/2012/0xxx/CVE-2012-0847.json index 8f81a5c6788..71d48af5a93 100644 --- a/2012/0xxx/CVE-2012-0847.json +++ b/2012/0xxx/CVE-2012-0847.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/01/11" - }, - { - "name" : "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/14/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/01/11" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1346.json b/2012/1xxx/CVE-2012-1346.json index 11bfc9161be..66aeb051fb7 100644 --- a/2012/1xxx/CVE-2012-1346.json +++ b/2012/1xxx/CVE-2012-1346.json 
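Review bot: The one value this hunk actually changes is `"ASSIGNER"`, from `cve@mitre.org` to `secalert@redhat.com`, and it is buried in a rewrite of all 77 lines: the `" : "` separators become `": "`, the indentation changes, and the four `reference_data` entries are only reordered. ASSIGNER identifies the assigning CNA, so I would land the formatting pass separately or name the reassigned records in the commit message, which currently says only "-Synchronized-Data.". The same applies to the hunks for CVE-2012-1346 (`psirt@cisco.com`), CVE-2012-3256 and CVE-2012-3270 (`hp-security-alert@hp.com`), CVE-2012-3404 and CVE-2012-4430 (`secalert@redhat.com`) and CVE-2012-4777 (`secure@microsoft.com`). The new side also ends at the closing `}` without the trailing newline the old side had; I would keep the final newline.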
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html", - "refsource" : "CONFIRM", - "url" : "https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html", + "refsource": "CONFIRM", + "url": "https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3256.json b/2012/3xxx/CVE-2012-3256.json index c35c6037474..46198a146c8 100644 --- a/2012/3xxx/CVE-2012-3256.json +++ b/2012/3xxx/CVE-2012-3256.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02811", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" - }, - { - "name" : "SSRT100937", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" - }, - { - "name" : "85251", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "85251", + "refsource": "OSVDB", + "url": "http://osvdb.org/85251" + }, + { + "name": "SSRT100937", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" + }, + { + "name": "HPSBMU02811", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3270.json b/2012/3xxx/CVE-2012-3270.json index b030dc8777d..d31cebf6dd3 100644 --- a/2012/3xxx/CVE-2012-3270.json +++ b/2012/3xxx/CVE-2012-3270.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02827", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" - }, - { - "name" : "SSRT100924", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" - }, - { - "name" : "56373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56373" - }, - { - "name" : "1027719", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027719" - }, - { - "name" : "51136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51136" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100924", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" + }, + { + "name": "56373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56373" + }, + { + "name": "1027719", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027719" + }, + { + "name": "HPSBMU02827", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" + }, + { + "name": "51136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51136" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3404.json b/2012/3xxx/CVE-2012-3404.json index 0e5a9c9b316..340c4f5961c 100644 --- a/2012/3xxx/CVE-2012-3404.json +++ b/2012/3xxx/CVE-2012-3404.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/11/17" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833703", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833703" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=12445", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=12445" - }, - { - 
"name" : "GLSA-201503-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-04" - }, - { - "name" : "RHSA-2012:1098", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1098.html" - }, - { - "name" : "RHSA-2012:1200", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1200.html" - }, - { - "name" : "USN-1589-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1589-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1200", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1200.html" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=12445", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=12445" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=833703", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833703" + }, + { + "name": "GLSA-201503-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-04" + }, + { + "name": "RHSA-2012:1098", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1098.html" + }, + { + "name": "USN-1589-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1589-1" + }, + { + "name": "[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/11/17" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3559.json b/2012/3xxx/CVE-2012-3559.json index 023370c059f..ba02a7911a2 100644 --- a/2012/3xxx/CVE-2012-3559.json +++ b/2012/3xxx/CVE-2012-3559.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a \"moderate severity issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1200/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a \"moderate severity issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/mac/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1200/" + } + ] + } 
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4071.json b/2012/4xxx/CVE-2012-4071.json
index e2e86214f64..6c9028eae5e 100644
--- a/2012/4xxx/CVE-2012-4071.json
+++ b/2012/4xxx/CVE-2012-4071.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142", - "refsource" : "CONFIRM", - "url" : "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142" - }, - { - "name" : "http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip" - }, - { - "name" : "http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip" - }, - 
{ - "name" : "http://joomlacode.org/gf/project/rsgallery2/news/", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/rsgallery2/news/" - }, - { - "name" : "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html", + "refsource": "CONFIRM", + "url": "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html" + }, + { + "name": "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142", + "refsource": "CONFIRM", + "url": "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142" + }, + { + "name": "http://joomlacode.org/gf/project/rsgallery2/news/", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/rsgallery2/news/" + }, + { + "name": "http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip" + }, + { + "name": "http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip", + "refsource": "CONFIRM", + "url": 
"http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4430.json b/2012/4xxx/CVE-2012-4430.json index c1089fad899..7a509801091 100644 --- a/2012/4xxx/CVE-2012-4430.json +++ b/2012/4xxx/CVE-2012-4430.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120914 CVE request: bacula: Console ACL Bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/14/11" - }, - { - "name" : "[oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/14/12" - }, - { - "name" : "[oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/15/2" - }, - { - "name" : "http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view", - "refsource" : "CONFIRM", - "url" : 
"http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view" - }, - { - "name" : "http://www.bacula.org/en/?page=news", - "refsource" : "CONFIRM", - "url" : "http://www.bacula.org/en/?page=news" - }, - { - "name" : "http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905", - "refsource" : "CONFIRM", - "url" : "http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905" - }, - { - "name" : "DSA-2558", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2558" - }, - { - "name" : "MDVSA-2012:166", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:166" - }, - { - "name" : "55505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55505" - }, - { - "name" : "50535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50535" - }, - { - "name" : "50808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view" + }, + { + "name": "DSA-2558", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2558" + }, + { + "name": "[oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/15/2" + }, + { + "name": "MDVSA-2012:166", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:166" + }, + { + "name": "http://www.bacula.org/en/?page=news", + "refsource": "CONFIRM", + "url": "http://www.bacula.org/en/?page=news" + }, + { + "name": "55505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55505" + }, + { + "name": "50535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50535" + }, + { + "name": "http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905", + "refsource": "CONFIRM", + "url": "http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905" + }, + { + "name": "50808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50808" + }, + { + "name": "[oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/14/12" + }, + { + "name": "[oss-security] 20120914 CVE request: bacula: Console ACL Bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/14/11" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/4xxx/CVE-2012-4593.json b/2012/4xxx/CVE-2012-4593.json
index 23665249625..952ab98c0fb 100644
--- a/2012/4xxx/CVE-2012-4593.json
+++ b/2012/4xxx/CVE-2012-4593.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10023", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10023", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10023" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4777.json b/2012/4xxx/CVE-2012-4777.json index 812c639ec1e..e2cafa5ab19 100644 --- a/2012/4xxx/CVE-2012-4777.json +++ b/2012/4xxx/CVE-2012-4777.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \"WPF Reflection Optimization Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-4777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "56464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56464" - }, - { - "name" : "87267", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87267" - }, - { - "name" : "oval:org.mitre.oval:def:15960", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960" - }, - { - "name" : "1027753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027753" - }, - { - "name" : "51236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \"WPF Reflection Optimization Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "MS12-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" + }, + { + "name": "oval:org.mitre.oval:def:15960", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15960" + }, + { + "name": "87267", + "refsource": "OSVDB", + "url": "http://osvdb.org/87267" + }, + { + "name": "56464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56464" + }, + { + "name": "51236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51236" + }, + { + "name": "1027753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027753" + } + ] + } +} \ No newline at end of file 
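Review bot: The seven `reference_data` entries in this hunk are the same entries as before, emitted in a different order. Together with the whitespace rewrite, this buries the one semantic change, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`. A sync that reshuffles arrays makes it hard for anyone auditing the feed to tell a real record edit from serializer noise. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would let downstream consumers diff records to spot unexpected changes. The same reordering appears in the CVE-2012-4791 and CVE-2017-1002026 hunks.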
diff --git a/2012/4xxx/CVE-2012-4791.json b/2012/4xxx/CVE-2012-4791.json index dee0fa6de0b..452a028147c 100644 --- a/2012/4xxx/CVE-2012-4791.json +++ b/2012/4xxx/CVE-2012-4791.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka \"RSS Feed May Cause Exchange DoS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-4791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080" - }, - { - "name" : "TA12-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" - }, - { - "name" : "oval:org.mitre.oval:def:16158", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote 
authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka \"RSS Feed May Cause Exchange DoS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" + }, + { + "name": "oval:org.mitre.oval:def:16158", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16158" + }, + { + "name": "MS12-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080" + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002026.json b/2017/1002xxx/CVE-2017-1002026.json index 6b0e142c371..bbb17a92058 100644 --- a/2017/1002xxx/CVE-2017-1002026.json +++ b/2017/1002xxx/CVE-2017-1002026.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-07-04", - "ID" : "CVE-2017-1002026", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Event Expresso Free", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "3.1.37.11.L" - } - ] - } - } - ] - }, - "vendor_name" : "Event Espresso" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-07-04", + "ID": "CVE-2017-1002026", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Event Expresso Free", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.37.11.L" + } + ] + } + } + ] + }, + "vendor_name": "Event Espresso" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=197", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=197" - }, - { - "name" : "https://wordpress.org/plugins/event-espresso-free/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/event-espresso-free/" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/event-espresso-free/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/event-espresso-free/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=197", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=197" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2016.json b/2017/2xxx/CVE-2017-2016.json index 575b7bcb330..288207077e7 100644 --- a/2017/2xxx/CVE-2017-2016.json +++ b/2017/2xxx/CVE-2017-2016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2016", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2016", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
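Review bot: In the CVE-2017-1002026 hunk, `"ASSIGNER": "larry0@me.com"` replaces the DWF address with what looks like an individual's mailbox, while `REQUESTER` stays `kurt@seifried.org`. Tooling that groups or trust-filters records by assigning CNA keys on this field, so the record would stop being attributed to the CNA that issued the ID. It is worth confirming this is intended and not a reporter/assigner mix-up. Separately, and unchanged by this commit, `product_name` reads `Event Expresso Free` while `vendor_name` and the plugin URL spell it `Espresso`, which may cause product-matching misses.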
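Review bot: The CVE-2017-2016 file is serialized with a different key order from the other files visible here: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`. Key order carries no meaning in JSON, but the mismatch suggests more than one writer produced this commit. A consumer that hashes or signs record bytes should canonicalize them first (sorted keys, as in RFC 8785). The rewritten files in this range also end with `\ No newline at end of file`; a trailing newline is the usual convention for files kept in version control.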
diff --git a/2017/2xxx/CVE-2017-2845.json b/2017/2xxx/CVE-2017-2845.json index 902a7344e38..840f4249dd7 100644 --- a/2017/2xxx/CVE-2017-2845.json +++ b/2017/2xxx/CVE-2017-2845.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-2845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-2845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347" - }, - { - "name" : "99184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347" + }, + { + "name": "99184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99184" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2851.json b/2017/2xxx/CVE-2017-2851.json index b425e572a2d..b0ab6da3c21 100644 --- a/2017/2xxx/CVE-2017-2851.json +++ b/2017/2xxx/CVE-2017-2851.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-2851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-2851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353" - }, - { - "name" : "99190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a 
buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353" + }, + { + "name": "99190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99190" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3695.json b/2017/3xxx/CVE-2017-3695.json index f0687e73647..2bbc3937fbb 100644 --- a/2017/3xxx/CVE-2017-3695.json +++ b/2017/3xxx/CVE-2017-3695.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6248.json b/2017/6xxx/CVE-2017-6248.json index f90fef83e05..c0be230b1fa 100644 --- a/2017/6xxx/CVE-2017-6248.json +++ b/2017/6xxx/CVE-2017-6248.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-6248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-6248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98876" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation 
of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98876" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6495.json b/2017/6xxx/CVE-2017-6495.json index ea1c1238c2c..6593968644a 100644 --- a/2017/6xxx/CVE-2017-6495.json +++ b/2017/6xxx/CVE-2017-6495.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6555.json b/2017/6xxx/CVE-2017-6555.json index a7dd81ea256..2c6a3e1dc79 100644 --- a/2017/6xxx/CVE-2017-6555.json +++ b/2017/6xxx/CVE-2017-6555.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka \"Design Manager > Categories > Category Description\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.daimacn.com/?id=7", - "refsource" : "MISC", - "url" : "http://www.daimacn.com/?id=7" - }, - { - "name" : "96933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka \"Design Manager > Categories > Category Description\")." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.daimacn.com/?id=7", + "refsource": "MISC", + "url": "http://www.daimacn.com/?id=7" + }, + { + "name": "96933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96933" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6688.json b/2017/6xxx/CVE-2017-6688.json index b4d980783f4..4840a131071 100644 --- a/2017/6xxx/CVE-2017-6688.json +++ b/2017/6xxx/CVE-2017-6688.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Elastic Services Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Elastic Services Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Default Password Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Elastic Services Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Elastic Services Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4" - }, - { - "name" : "98973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Default Password Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4" + }, + { + "name": "98973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98973" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6845.json b/2017/6xxx/CVE-2017-6845.json index 0358303ac40..c7c95143a1d 100644 --- a/2017/6xxx/CVE-2017-6845.json +++ b/2017/6xxx/CVE-2017-6845.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7649.json b/2017/7xxx/CVE-2017-7649.json index acb968aa05e..1396a06cff2 100644 --- a/2017/7xxx/CVE-2017-7649.json +++ b/2017/7xxx/CVE-2017-7649.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@eclipse.org", - "DATE_PUBLIC" : "2017-04-04T00:00:00", - "ID" : "CVE-2017-7649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kura", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 2.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Eclipse Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privileged remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "DATE_PUBLIC": "2017-04-04T00:00:00", + "ID": "CVE-2017-7649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kura", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 2.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Eclipse Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681" - }, - { - "name" : "https://github.com/eclipse/kura/issues/956", - "refsource" : "CONFIRM", - "url" : "https://github.com/eclipse/kura/issues/956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privileged remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681" + }, + { + "name": "https://github.com/eclipse/kura/issues/956", + "refsource": "CONFIRM", + "url": "https://github.com/eclipse/kura/issues/956" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7984.json b/2017/7xxx/CVE-2017-7984.json index 098c307f016..0ff696036f0 100644 --- a/2017/7xxx/CVE-2017-7984.json +++ b/2017/7xxx/CVE-2017-7984.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerability" - }, - { - "name" : "98018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerability" + }, + { + "name": "98018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98018" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10931.json b/2018/10xxx/CVE-2018-10931.json index 84c57122181..ac0aa872765 100644 --- a/2018/10xxx/CVE-2018-10931.json +++ b/2018/10xxx/CVE-2018-10931.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-10931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cobbler", - "version" : { - "version_data" : [ - { - "version_value" : "2.6.x" - } - ] - } - } - ] - }, - "vendor_name" : "The Cobbler Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-749" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cobbler", + "version": { + "version_data": [ + { + "version_value": "2.6.x" + } + ] + } + } + ] + }, + "vendor_name": "The Cobbler Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931" - }, - { - "name" : "RHSA-2018:2372", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-749" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931" + }, + { + "name": "RHSA-2018:2372", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2372" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10934.json b/2018/10xxx/CVE-2018-10934.json index cfe2fcb892d..ee7fe1a5100 100644 --- a/2018/10xxx/CVE-2018-10934.json +++ b/2018/10xxx/CVE-2018-10934.json 
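Review bot: The `vectorString` kept on the new side of CVE-2018-10931.json, `9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, has the base score prepended, so it is not a well-formed CVSS v3.0 vector, which begins with the `CVSS:3.0/` prefix. A consumer that passes this field to a strict CVSS parser will probably reject it or drop the severity, on a record that describes unauthenticated remote access. I would store it as `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"` and carry the 9.8 score in a field of its own, if the record format permits one. The `cvss` value is also an array nested inside an array, which looks unintended and is worth confirming against the schema.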
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14108.json b/2018/14xxx/CVE-2018-14108.json index ffa0924bd22..0f2f797ee9b 100644 --- a/2018/14xxx/CVE-2018-14108.json +++ b/2018/14xxx/CVE-2018-14108.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14108", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14108", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14251.json b/2018/14xxx/CVE-2018-14251.json index 3121b01dc38..482b8be1f32 100644 --- a/2018/14xxx/CVE-2018-14251.json +++ b/2018/14xxx/CVE-2018-14251.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-711", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-711" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-711", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-711" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14993.json b/2018/14xxx/CVE-2018-14993.json index 184429e45db..f5232fe3a31 100644 --- a/2018/14xxx/CVE-2018-14993.json +++ b/2018/14xxx/CVE-2018-14993.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14993", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14993", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15153.json b/2018/15xxx/CVE-2018-15153.json index 023ee81f028..bea00d19d4a 100644 
--- a/2018/15xxx/CVE-2018-15153.json +++ b/2018/15xxx/CVE-2018-15153.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the \"hylafax_server\" global variable in interface/super/edit_globals.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45161", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45161/" - }, - { - "name" : "https://insecurity.sh/reports/openemr.pdf", - "refsource" : "MISC", - "url" : "https://insecurity.sh/reports/openemr.pdf" - }, - { - "name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", - "refsource" : "MISC", - "url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" - }, - { - "name" : "https://github.com/openemr/openemr/pull/1757", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/openemr/openemr/pull/1757" - }, - { - "name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", - "refsource" : "CONFIRM", - "url" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the \"hylafax_server\" global variable in interface/super/edit_globals.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://insecurity.sh/reports/openemr.pdf", + "refsource": "MISC", + "url": "https://insecurity.sh/reports/openemr.pdf" + }, + { + "name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", + "refsource": "MISC", + "url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" + }, + { + "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "refsource": "CONFIRM", + "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + }, + { + "name": "https://github.com/openemr/openemr/pull/1757", + "refsource": "CONFIRM", + "url": "https://github.com/openemr/openemr/pull/1757" + }, + { + "name": "45161", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45161/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15735.json b/2018/15xxx/CVE-2018-15735.json index 461cda3c029..32caa35619f 100644 --- a/2018/15xxx/CVE-2018-15735.json +++ b/2018/15xxx/CVE-2018-15735.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15735", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15735", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20002.json b/2018/20xxx/CVE-2018-20002.json index 528c05f6aa6..fca62177cc8 100644 --- a/2018/20xxx/CVE-2018-20002.json +++ b/2018/20xxx/CVE-2018-20002.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23952" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190221-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190221-0004/" - }, - { - "name" : "106142", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/106142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106142" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190221-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190221-0004/" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23952" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20534.json b/2018/20xxx/CVE-2018-20534.json index c58fc124f3d..d4d3bf55f21 100644 --- a/2018/20xxx/CVE-2018-20534.json +++ b/2018/20xxx/CVE-2018-20534.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652604" - }, - { - "name" : "https://github.com/openSUSE/libsolv/pull/291", - "refsource" : "MISC", - "url" : "https://github.com/openSUSE/libsolv/pull/291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652604", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652604" + }, + { + "name": "https://github.com/openSUSE/libsolv/pull/291", + "refsource": "MISC", + "url": "https://github.com/openSUSE/libsolv/pull/291" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20546.json b/2018/20xxx/CVE-2018-20546.json index ce4553c6049..da5f3bc63a2 100644 --- a/2018/20xxx/CVE-2018-20546.json +++ b/2018/20xxx/CVE-2018-20546.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190109 [SECURITY] [DLA 1631-1] libcaca security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652622", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652622" - }, - { - "name" : "USN-3860-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3860-1/" - }, - { - "name" : "USN-3860-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3860-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an illegal READ memory access at caca/dither.c (function 
get_rgba_default) in libcaca 0.99.beta19 for the default bpp case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3860-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3860-2/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652622", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652622" + }, + { + "name": "[debian-lts-announce] 20190109 [SECURITY] [DLA 1631-1] libcaca security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00007.html" + }, + { + "name": "USN-3860-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3860-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20691.json b/2018/20xxx/CVE-2018-20691.json index 26e4db24652..d2e58b8154a 100644 --- a/2018/20xxx/CVE-2018-20691.json +++ b/2018/20xxx/CVE-2018-20691.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9043.json b/2018/9xxx/CVE-2018-9043.json index f38e21dd5aa..f0f82ec11d7 100644 --- a/2018/9xxx/CVE-2018-9043.json +++ b/2018/9xxx/CVE-2018-9043.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c4060d0", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c4060d0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c4060d0", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c4060d0" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9401.json b/2018/9xxx/CVE-2018-9401.json index 133b54bed9b..ff41b0ec37e 100644 --- a/2018/9xxx/CVE-2018-9401.json +++ b/2018/9xxx/CVE-2018-9401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9838.json b/2018/9xxx/CVE-2018-9838.json index d02a28e08bd..5917233b5ab 100644 --- a/2018/9xxx/CVE-2018-9838.json +++ b/2018/9xxx/CVE-2018-9838.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9838",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9838",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://caml.inria.fr/mantis/view.php?id=7765",
- "refsource" : "MISC",
- "url" : "https://caml.inria.fr/mantis/view.php?id=7765"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://caml.inria.fr/mantis/view.php?id=7765",
+ "refsource": "MISC",
+ "url": "https://caml.inria.fr/mantis/view.php?id=7765"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9842.json b/2018/9xxx/CVE-2018-9842.json
index ce3bd4373ad..5716bd04702 100644
--- a/2018/9xxx/CVE-2018-9842.json
+++ b/2018/9xxx/CVE-2018-9842.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9842",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9842",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/541931/100/0/threaded"
- },
- {
- "name" : "44428",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/44428/"
- },
- {
- "name" : "44829",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/44829/"
- },
- {
- "name" : "45926",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45926/"
- },
- {
- "name" : "20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Apr/19"
- },
- {
- "name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure",
- "refsource" : "MISC",
- "url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure"
- },
- {
- "name" : "1040674",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040674"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "44428",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/44428/"
+ },
+ {
+ "name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure",
+ "refsource": "MISC",
+ "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure"
+ },
+ {
+ "name": "20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Apr/19"
+ },
+ {
+ "name": "1040674",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040674"
+ },
+ {
+ "name": "45926",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45926/"
+ },
+ {
+ "name": "44829",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/44829/"
+ },
+ {
+ "name": "20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/541931/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9943.json b/2018/9xxx/CVE-2018-9943.json
index 285a00e2a9a..fc1a74a5827 100644
--- a/2018/9xxx/CVE-2018-9943.json
+++ b/2018/9xxx/CVE-2018-9943.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-9943",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Foxit Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.0.0.29935"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-704-Incorrect Type Conversion or Cast"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-9943",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-327",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-327"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-704-Incorrect Type Conversion or Cast"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-327",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-327"
+ }
+ ]
+ }
+}
\ No newline at end of file