From b562af75aee5604b11ff82e14fe2d94a295513a6 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:29:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1199.json | 180 ++++++------- 2002/1xxx/CVE-2002-1428.json | 140 +++++----- 2002/1xxx/CVE-2002-1482.json | 140 +++++----- 2003/0xxx/CVE-2003-0097.json | 170 ++++++------- 2003/0xxx/CVE-2003-0395.json | 130 +++++----- 2003/0xxx/CVE-2003-0425.json | 130 +++++----- 2003/0xxx/CVE-2003-0774.json | 180 ++++++------- 2003/1xxx/CVE-2003-1043.json | 160 ++++++------ 2003/1xxx/CVE-2003-1334.json | 120 ++++----- 2003/1xxx/CVE-2003-1492.json | 140 +++++----- 2004/2xxx/CVE-2004-2310.json | 160 ++++++------ 2004/2xxx/CVE-2004-2639.json | 160 ++++++------ 2004/2xxx/CVE-2004-2702.json | 190 +++++++------- 2008/2xxx/CVE-2008-2303.json | 190 +++++++------- 2012/0xxx/CVE-2012-0213.json | 210 +++++++-------- 2012/0xxx/CVE-2012-0505.json | 450 ++++++++++++++++----------------- 2012/0xxx/CVE-2012-0701.json | 130 +++++----- 2012/1xxx/CVE-2012-1194.json | 120 ++++----- 2012/1xxx/CVE-2012-1644.json | 180 ++++++------- 2012/1xxx/CVE-2012-1649.json | 180 ++++++------- 2012/1xxx/CVE-2012-1729.json | 170 ++++++------- 2012/4xxx/CVE-2012-4238.json | 160 ++++++------ 2012/5xxx/CVE-2012-5362.json | 34 +-- 2012/5xxx/CVE-2012-5599.json | 34 +-- 2012/5xxx/CVE-2012-5705.json | 160 ++++++------ 2012/5xxx/CVE-2012-5896.json | 200 +++++++-------- 2017/3xxx/CVE-2017-3797.json | 140 +++++----- 2017/6xxx/CVE-2017-6283.json | 122 ++++----- 2017/6xxx/CVE-2017-6379.json | 140 +++++----- 2017/6xxx/CVE-2017-6476.json | 34 +-- 2017/6xxx/CVE-2017-6934.json | 34 +-- 2017/7xxx/CVE-2017-7121.json | 130 +++++----- 2017/7xxx/CVE-2017-7154.json | 160 ++++++------ 2017/7xxx/CVE-2017-7442.json | 130 +++++----- 2017/7xxx/CVE-2017-7994.json | 140 +++++----- 2017/8xxx/CVE-2017-8462.json | 140 +++++----- 2018/10xxx/CVE-2018-10328.json | 120 ++++----- 2018/10xxx/CVE-2018-10395.json | 34 +-- 2018/10xxx/CVE-2018-10512.json | 120 ++++----- 2018/10xxx/CVE-2018-10749.json | 120 ++++----- 2018/10xxx/CVE-2018-10941.json 
| 34 +-- 2018/13xxx/CVE-2018-13119.json | 34 +-- 2018/13xxx/CVE-2018-13597.json | 130 +++++----- 2018/13xxx/CVE-2018-13776.json | 130 +++++----- 2018/17xxx/CVE-2018-17040.json | 34 +-- 2018/17xxx/CVE-2018-17463.json | 172 ++++++------- 2018/17xxx/CVE-2018-17686.json | 130 +++++----- 2018/17xxx/CVE-2018-17752.json | 34 +-- 2018/17xxx/CVE-2018-17790.json | 34 +-- 2018/20xxx/CVE-2018-20508.json | 120 ++++----- 2018/9xxx/CVE-2018-9201.json | 34 +-- 2018/9xxx/CVE-2018-9280.json | 120 ++++----- 2018/9xxx/CVE-2018-9436.json | 132 +++++----- 2018/9xxx/CVE-2018-9848.json | 120 ++++----- 54 files changed, 3520 insertions(+), 3520 deletions(-) diff --git a/2002/1xxx/CVE-2002-1199.json b/2002/1xxx/CVE-2002-1199.json index 4e4ad0eafad..3bc611e9997 100644 --- a/2002/1xxx/CVE-2002-1199.json +++ b/2002/1xxx/CVE-2002-1199.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021010 Multiple vendor ypxfrd map handling vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103426842025029&w=2" - }, - { - "name" : "CSSA-2002-SCO.40", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40" - }, - { - "name" : "47903", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903" - }, - { - "name" : "VU#538033", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/538033" - }, - { - "name" : "5937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5937" - }, - { - "name" : "oval:org.mitre.oval:def:2423", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423" - }, - { - "name" : "ypxfrd-file-disclosure(10329)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10329.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47903", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903" + }, + { + "name": "20021010 Multiple vendor ypxfrd map handling vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103426842025029&w=2" + }, + { + "name": "CSSA-2002-SCO.40", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40" + }, + { + "name": "ypxfrd-file-disclosure(10329)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10329.php" + }, + { + "name": "VU#538033", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/538033" + }, + { + "name": "oval:org.mitre.oval:def:2423", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423" + }, + { + "name": "5937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5937" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1428.json b/2002/1xxx/CVE-2002-1428.json index 7a7f7eab274..31a09038e61 100644 --- a/2002/1xxx/CVE-2002-1428.json +++ b/2002/1xxx/CVE-2002-1428.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020728 php dotProject by pass authentication", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html" - }, - { - "name" : "5347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5347" - }, - { - "name" : "dotproject-admin-access(9720)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9720.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020728 php dotProject by pass authentication", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html" + }, + { + "name": "dotproject-admin-access(9720)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9720.php" + }, + { + "name": "5347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5347" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1482.json b/2002/1xxx/CVE-2002-1482.json index 93a62df9341..429a8f99958 100644 --- a/2002/1xxx/CVE-2002-1482.json +++ b/2002/1xxx/CVE-2002-1482.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020909 phpGB: DoS and executing_arbitrary_commands", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html" - }, - { - "name" : "5673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5673" - }, - { - "name" : "phpgb-login-sql-injection(10068)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10068.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain 
administrative privileges via SQL code in the password entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020909 phpGB: DoS and executing_arbitrary_commands", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html" + }, + { + "name": "phpgb-login-sql-injection(10068)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10068.php" + }, + { + "name": "5673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5673" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0097.json b/2003/0xxx/CVE-2003-0097.json index 33bbb601146..6e508aea0b8 100644 --- a/2003/0xxx/CVE-2003-0097.json +++ b/2003/0xxx/CVE-2003-0097.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104550977011668&w=2" - }, - { - "name" : "GLSA-200302-09", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=104567042700840&w=2" - }, - { - "name" : "GLSA-200302-09.1", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=104567137502557&w=2" - }, - { - "name" : "http://www.slackware.com/changelog/current.php?cpu=i386", - "refsource" : "CONFIRM", - "url" : "http://www.slackware.com/changelog/current.php?cpu=i386" - }, - { - "name" : "6875", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/6875" - }, - { - "name" : "php-cgi-sapi-access(11343)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11343.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200302-09", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=104567042700840&w=2" + }, + { + "name": "GLSA-200302-09.1", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=104567137502557&w=2" + }, + { + "name": "php-cgi-sapi-access(11343)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11343.php" + }, + { + "name": "20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104550977011668&w=2" + }, + { + "name": "6875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6875" + }, + { + "name": "http://www.slackware.com/changelog/current.php?cpu=i386", + "refsource": "CONFIRM", + "url": "http://www.slackware.com/changelog/current.php?cpu=i386" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0395.json b/2003/0xxx/CVE-2003-0395.json index 2267b9f9d2b..ffa32c10356 100644 --- a/2003/0xxx/CVE-2003-0395.json +++ b/2003/0xxx/CVE-2003-0395.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030524 UPB: Discussion Board/Web-Site Takeover", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105379741528925&w=2" - }, - { - "name" : "http://f0kp.iplus.ru/bz/024.en.txt", - "refsource" : "MISC", - "url" : "http://f0kp.iplus.ru/bz/024.en.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes 
admin_iplog.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://f0kp.iplus.ru/bz/024.en.txt", + "refsource": "MISC", + "url": "http://f0kp.iplus.ru/bz/024.en.txt" + }, + { + "name": "20030524 UPB: Discussion Board/Web-Site Takeover", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105379741528925&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0425.json b/2003/0xxx/CVE-2003-0425.json index f9324effe19..a7a872e87ac 100644 --- a/2003/0xxx/CVE-2003-0425.json +++ b/2003/0xxx/CVE-2003-0425.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0015.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0015.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0015.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0774.json b/2003/0xxx/CVE-2003-0774.json index a73fc9118e6..5b5072a019e 100644 --- a/2003/0xxx/CVE-2003-0774.json +++ b/2003/0xxx/CVE-2003-0774.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-379", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-379" - }, - { - "name" : "RHSA-2003:278", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html" - }, - { - "name" : "RHSA-2003:285", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html" - }, - { - "name" : "MDKSA-2003:099", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099" - }, - { - "name" : "SuSE-SA:2003:046", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html" - }, - { - "name" : "CSSA-2004-005.0", - "refsource" : "SCO", - "url" : 
"ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt" - }, - { - "name" : "8593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:278", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-278.html" + }, + { + "name": "CSSA-2004-005.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt" + }, + { + "name": "SuSE-SA:2003:046", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html" + }, + { + "name": "RHSA-2003:285", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-285.html" + }, + { + "name": "8593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8593" + }, + { + "name": "DSA-379", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-379" + }, + { + "name": "MDKSA-2003:099", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1043.json b/2003/1xxx/CVE-2003-1043.json index 6ad67b11b6a..639f3dea630 100644 --- a/2003/1xxx/CVE-2003-1043.json +++ b/2003/1xxx/CVE-2003-1043.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343185" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219044", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219044" - }, - { - "name" : "CLA-2003:774", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774" - }, - { - "name" : "8953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8953" - }, - { - "name" : "bugzilla-url-sql-injection(13596)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/13596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343185" + }, + { + "name": "CLA-2003:774", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=219044", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=219044" + }, + { + "name": "bugzilla-url-sql-injection(13596)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13596" + }, + { + "name": "8953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8953" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1334.json b/2003/1xxx/CVE-2003-1334.json index 7245ab5d99f..91cc8afa1c6 100644 --- a/2003/1xxx/CVE-2003-1334.json +++ b/2003/1xxx/CVE-2003-1334.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bitfolge.de/snif-en.html", - "refsource" : "CONFIRM", - "url" : "http://www.bitfolge.de/snif-en.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bitfolge.de/snif-en.html", + "refsource": "CONFIRM", + "url": "http://www.bitfolge.de/snif-en.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1492.json b/2003/1xxx/CVE-2003-1492.json index c14a003eb69..f214a6ed045 100644 --- a/2003/1xxx/CVE-2003-1492.json +++ b/2003/1xxx/CVE-2003-1492.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030429 \"netscape navigator\" is cracked.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/319919" - }, - { - "name" : "7456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7456" - }, - { - "name" : "netscape-domain-obtain-info(11924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030429 \"netscape navigator\" is cracked.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/319919" + }, + { + "name": "7456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7456" + }, + { + "name": "netscape-domain-obtain-info(11924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2310.json b/2004/2xxx/CVE-2004-2310.json index c74b50c0b18..cf8572dfc35 100644 --- a/2004/2xxx/CVE-2004-2310.json +++ b/2004/2xxx/CVE-2004-2310.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt" - }, - { - "name" : "9901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9901" - }, - { - "name" : "4306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4306" - }, - { - "name" : "11143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11143" - }, - { - "name" : "lotus-domino-webadmin-xss(15502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9901" + }, + { + "name": "lotus-domino-webadmin-xss(15502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt" + }, + { + "name": "11143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11143" + }, + { + "name": "4306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4306" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2639.json b/2004/2xxx/CVE-2004-2639.json index 6f3c29df95b..02a5ec0e186 100644 --- a/2004/2xxx/CVE-2004-2639.json +++ b/2004/2xxx/CVE-2004-2639.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/project/shownotes.php?release_id=232566&group_id=101583", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/project/shownotes.php?release_id=232566&group_id=101583" - }, - { - "name" : "5572", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5572" - }, - { - "name" : "1009909", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/Apr/1009909.html" - }, - { - "name" : "11431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11431" - }, - { - "name" : "journalness-data-manipulation(15923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "journalness-data-manipulation(15923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15923" + }, + { + "name": "5572", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5572" + }, + { + "name": "11431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11431" + }, + { + "name": "1009909", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/Apr/1009909.html" + }, + { + "name": "https://sourceforge.net/project/shownotes.php?release_id=232566&group_id=101583", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/project/shownotes.php?release_id=232566&group_id=101583" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2702.json b/2004/2xxx/CVE-2004-2702.json index d3e9b244ec7..cd6fbc6a380 100644 --- a/2004/2xxx/CVE-2004-2702.json +++ b/2004/2xxx/CVE-2004-2702.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040824 Re: [Full-Disclosure] XSS in Plesk 7.1 Reloaded", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1031.html" - }, - { - "name" : "20040824 XSS in Plesk 7.1 Reloaded", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1022.html" - }, - { - "name" : "20041223 Plesk 7 Cross-Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0554.html" - }, - { - "name" : "11024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11024" - }, - { - "name" : "9149", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/9149" - }, - { - "name" : "1011042", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011042" - }, - { - "name" : "12368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12368" - }, - { - "name" : "plesk-loginname-xss(17085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12368" + }, + { + "name": "11024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11024" + }, + { + "name": "20041223 Plesk 7 Cross-Site Scripting", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0554.html" + }, + { + "name": "plesk-loginname-xss(17085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17085" + }, + { + "name": "9149", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9149" + }, + { + "name": "20040824 Re: [Full-Disclosure] XSS in Plesk 7.1 Reloaded", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1031.html" + }, + { + "name": "20040824 XSS in Plesk 7.1 Reloaded", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1022.html" + }, + { + "name": "1011042", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1011042" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2303.json b/2008/2xxx/CVE-2008-2303.json index 7ff7d96d3c4..d1d099485d8 100644 --- a/2008/2xxx/CVE-2008-2303.json +++ b/2008/2xxx/CVE-2008-2303.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3298", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3298" - }, - { - "name" : "APPLE-SA-2008-07-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" - }, - { - "name" : "APPLE-SA-2008-11-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" - }, - { - "name" : "30186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30186" - }, - { - "name" : "32706", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/32706" - }, - { - "name" : "ADV-2008-2094", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2094/references" - }, - { - "name" : "31074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31074" - }, - { - "name" : "ipod-iphone-javascript-code-execution(43736)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2008-11-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" + }, + { + "name": "ipod-iphone-javascript-code-execution(43736)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736" + }, + { + "name": "30186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30186" + }, + { + "name": "32706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32706" + }, + { + "name": "APPLE-SA-2008-07-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3298", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3298" + }, + { + "name": "ADV-2008-2094", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/2094/references" + }, + { + "name": "31074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31074" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0213.json b/2012/0xxx/CVE-2012-0213.json index d1f5d60a76e..9e135199b36 100644 --- a/2012/0xxx/CVE-2012-0213.json +++ b/2012/0xxx/CVE-2012-0213.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2012-0213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=799078", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=799078" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21996759", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21996759" - }, - { - "name" : "DSA-2468", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2468" - }, - { - "name" : "FEDORA-2012-10835", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html" - }, - { - "name" : "MDVSA-2013:094", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:094" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "53487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53487" - }, - { - "name" : "49040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49040" - }, - { - "name" : "50549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21996759", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996759" + }, + { + "name": "49040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49040" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044" + }, + { + "name": "DSA-2468", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2468" + }, + { + "name": "50549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50549" + }, + { + "name": "FEDORA-2012-10835", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html" + }, + { + "name": "53487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53487" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "MDVSA-2013:094", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:094" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=799078", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799078" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0505.json b/2012/0xxx/CVE-2012-0505.json index 429a99f61d4..abd2993aabc 100644 --- a/2012/0xxx/CVE-2012-0505.json +++ b/2012/0xxx/CVE-2012-0505.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" - }, - { - "name" : "DSA-2420", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2420" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02757", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2" - }, - { - "name" : "HPSBUX02760", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "HPSBUX02784", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2" - }, - { - "name" : "SSRT100779", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2" - }, - { - "name" : "SSRT100805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100871", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2012:1080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1080.html" - }, - { - "name" : "RHSA-2012:0508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0508.html" - }, - { - "name" : "RHSA-2012:0514", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0514.html" - }, - { - "name" : "RHSA-2012:0702", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0702.html" - }, - { - "name" : "SUSE-SU-2012:1013", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2012:0881", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html" - }, - { - "name" : "SUSE-SU-2012:0602", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" - }, - { - "name" : "SUSE-SU-2012:0603", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" - }, - { - "name" : "SUSE-SU-2012:0734", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html" - }, - { - "name" : "52017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52017" - }, - { - "name" : "oval:org.mitre.oval:def:13976", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13976" - }, - { - "name" : "48589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48589" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - }, - { - "name" : "48692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48692" - }, - { - "name" : "48915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48915" - }, - { - "name" : "48948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48948" - }, - { - "name" : "48950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48950" - }, - { - "name" : "48073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48073" - }, - { - "name" : "48074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48074" + }, + { + "name": "HPSBUX02784", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" + }, + { + "name": "SUSE-SU-2012:1013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "48692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48692" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SU-2012:0881", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html" + }, + { + "name": "48589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48589" + }, + { + "name": "SSRT100805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "SUSE-SU-2012:0734", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html" + }, + { + "name": 
"SUSE-SU-2012:0602", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SUSE-SU-2012:0603", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" + }, + { + "name": "48073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48073" + }, + { + "name": "48950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48950" + }, + { + "name": "48948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48948" + }, + { + "name": "SSRT100871", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2" + }, + { + "name": "48915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48915" + }, + { + "name": "52017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52017" + }, + { + "name": "HPSBUX02757", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2" + }, + { + "name": "DSA-2420", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2420" + }, + { + "name": "oval:org.mitre.oval:def:13976", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13976" + }, + { + "name": "RHSA-2012:0508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "RHSA-2012:0514", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0514.html" + }, + { + "name": "RHSA-2012:1080", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2012-1080.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "RHSA-2012:0702", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0702.html" + }, + { + "name": "HPSBUX02760", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "SSRT100779", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0701.json b/2012/0xxx/CVE-2012-0701.json index c02edfa569a..db64aacc321 100644 --- a/2012/0xxx/CVE-2012-0701.json +++ b/2012/0xxx/CVE-2012-0701.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501" - }, - { - "name" : "infosphere-datastage-client-priv-esc(73285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on 
client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501" + }, + { + "name": "infosphere-datastage-client-priv-esc(73285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73285" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1194.json b/2012/1xxx/CVE-2012-1194.json index 24ce01abf8f..446ed490419 100644 --- a/2012/1xxx/CVE-2012-1194.json +++ b/2012/1xxx/CVE-2012-1194.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.isc.org/files/imce/ghostdomain_camera.pdf", - "refsource" : "MISC", - "url" : "https://www.isc.org/files/imce/ghostdomain_camera.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain 
names via a \"ghost domain names\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.isc.org/files/imce/ghostdomain_camera.pdf", + "refsource": "MISC", + "url": "https://www.isc.org/files/imce/ghostdomain_camera.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1644.json b/2012/1xxx/CVE-2012-1644.json index b1beb66714c..54d7a04aba8 100644 --- a/2012/1xxx/CVE-2012-1644.json +++ b/2012/1xxx/CVE-2012-1644.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "https://drupal.org/node/1441450", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1441450" - }, - { - "name" : "http://drupal.org/node/1441086", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1441086" - }, - { - "name" : "http://drupalcode.org/project/og_vocab.git/commitdiff/cd8de08", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/og_vocab.git/commitdiff/cd8de08" - }, - { - "name" : "79336", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/79336" - }, - { - "name" : "48020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48020" - }, - { - "name" : "ogvocabulary-title-xss(53902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1441086", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1441086" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupalcode.org/project/og_vocab.git/commitdiff/cd8de08", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/og_vocab.git/commitdiff/cd8de08" + }, + { + "name": "ogvocabulary-title-xss(53902)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53902" + }, + { + "name": "79336", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79336" + }, + { + "name": "https://drupal.org/node/1441450", + "refsource": "MISC", + "url": "https://drupal.org/node/1441450" + }, + { + "name": "48020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48020" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1649.json b/2012/1xxx/CVE-2012-1649.json index f17dce36eb5..c6e6eb334e1 100644 --- a/2012/1xxx/CVE-2012-1649.json 
+++ b/2012/1xxx/CVE-2012-1649.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1461438", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1461438" - }, - { - "name" : "http://drupal.org/node/1417186", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1417186" - }, - { - "name" : "52232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52232" - }, - { - "name" : "79772", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79772" - }, - { - "name" : "48196", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/48196" - }, - { - "name" : "coolaid-helpmessages-security-bypass(73608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48196" + }, + { + "name": "coolaid-helpmessages-security-bypass(73608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608" + }, + { + "name": "52232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52232" + }, + { + "name": "http://drupal.org/node/1461438", + "refsource": "MISC", + "url": "http://drupal.org/node/1461438" + }, + { + "name": "79772", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79772" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupal.org/node/1417186", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1417186" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1729.json b/2012/1xxx/CVE-2012-1729.json index 3ebcf18b8ee..54494880713 100644 --- a/2012/1xxx/CVE-2012-1729.json +++ b/2012/1xxx/CVE-2012-1729.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54509" - }, - { - "name" : "83953", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83953" - }, - { - "name" : "1027273", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027273" - }, - { - "name" : "hyperionbi-uiandvisualization-cve20121729(77013)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027273", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027273" + }, + { + "name": "54509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54509" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "83953", + "refsource": "OSVDB", + "url": "http://osvdb.org/83953" + }, + { + "name": "hyperionbi-uiandvisualization-cve20121729(77013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77013" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4238.json b/2012/4xxx/CVE-2012-4238.json index 095fa8daeb2..b4cb43a65d0 100644 --- a/2012/4xxx/CVE-2012-4238.json +++ b/2012/4xxx/CVE-2012-4238.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120813 TCExam Edit Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html" - }, - { - "name" : "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html" - }, - { - "name" : "http://freecode.com/projects/tcexam/releases/347125", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/tcexam/releases/347125" - }, - { - "name" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742", - "refsource" : 
"CONFIRM", - "url" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742" - }, - { - "name" : "50141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html" + }, + { + "name": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742", + "refsource": "CONFIRM", + "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742" + }, + { + "name": "50141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50141" + }, + { + "name": "http://freecode.com/projects/tcexam/releases/347125", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/tcexam/releases/347125" + }, + { + "name": "20120813 TCExam Edit Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5362.json b/2012/5xxx/CVE-2012-5362.json index b263e645142..c24e99872c0 100644 --- a/2012/5xxx/CVE-2012-5362.json +++ b/2012/5xxx/CVE-2012-5362.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5362",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5362",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5599.json b/2012/5xxx/CVE-2012-5599.json
index 9f6e183d7c6..9eeb6757705 100644
--- a/2012/5xxx/CVE-2012-5599.json
+++ b/2012/5xxx/CVE-2012-5599.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5599",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-5599",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5705.json b/2012/5xxx/CVE-2012-5705.json
index ab77195fc81..1d29f082d68 100644
--- a/2012/5xxx/CVE-2012-5705.json
+++ b/2012/5xxx/CVE-2012-5705.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5705",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the \"administer hotblocks\" permission to inject arbitrary web script or HTML via the \"block names.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5705",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6"
- },
- {
- "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1"
- },
- {
- "name" : "http://drupal.org/node/1732946",
- "refsource" : "MISC",
- "url" : "http://drupal.org/node/1732946"
- },
- {
- "name" : "http://www.madirish.net/543",
- "refsource" : "MISC",
- "url" : "http://www.madirish.net/543"
- },
- {
- "name" : "http://drupal.org/node/1732828",
- "refsource" : "CONFIRM",
- "url" : "http://drupal.org/node/1732828"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the \"administer hotblocks\" permission to inject arbitrary web script or HTML via the \"block names.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
+ },
+ {
+ "name": "http://drupal.org/node/1732828",
+ "refsource": "CONFIRM",
+ "url": "http://drupal.org/node/1732828"
+ },
+ {
+ "name": "http://www.madirish.net/543",
+ "refsource": "MISC",
+ "url": "http://www.madirish.net/543"
+ },
+ {
+ "name": "http://drupal.org/node/1732946",
+ "refsource": "MISC",
+ "url": "http://drupal.org/node/1732946"
+ },
+ {
+ "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5896.json b/2012/5xxx/CVE-2012-5896.json
index 3b0283821b4..42aa0c1b030 100644
--- a/2012/5xxx/CVE-2012-5896.json
+++ b/2012/5xxx/CVE-2012-5896.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an \"uninitialized pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html" - }, - { - "name" : "18674", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18674" - }, - { - "name" : "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb", - "refsource" : "MISC", - "url" : 
"http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb" - }, - { - "name" : "http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html" - }, - { - "name" : "http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html" - }, - { - "name" : "52765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52765" - }, - { - "name" : "80662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80662" - }, - { - "name" : "48566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48566" - }, - { - "name" : "intrust-annotatex-code-execution(74448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an \"uninitialized pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18674", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18674" + }, + { + "name": 
"http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb", + "refsource": "MISC", + "url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb" + }, + { + "name": "80662", + "refsource": "OSVDB", + "url": "http://osvdb.org/80662" + }, + { + "name": "http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html" + }, + { + "name": "intrust-annotatex-code-execution(74448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74448" + }, + { + "name": "20120328 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html" + }, + { + "name": "52765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52765" + }, + { + "name": "48566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48566" + }, + { + "name": "http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3797.json b/2017/3xxx/CVE-2017-3797.json index 6b1f3032a6f..8a8b97aad42 100644 --- a/2017/3xxx/CVE-2017-3797.json +++ b/2017/3xxx/CVE-2017-3797.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meetings Server 2.7", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meetings Server 2.7" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meetings Server 2.7", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meetings Server 2.7" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3" - }, - { - "name" : "95639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95639" - }, - { - "name" : "1037648", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95639" + }, + { + "name": "1037648", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037648" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6283.json b/2017/6xxx/CVE-2017-6283.json index 73d06cc1ab5..1b5a1afa931 100644 --- a/2017/6xxx/CVE-2017-6283.json +++ b/2017/6xxx/CVE-2017-6283.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-02-26T00:00:00", - "ID" : "CVE-2017-6283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SHIELD TV", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-02-26T00:00:00", + "ID": "CVE-2017-6283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SHIELD TV", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6379.json b/2017/6xxx/CVE-2017-6379.json index e424d375b3d..0bde74a6dbb 100644 --- a/2017/6xxx/CVE-2017-6379.json +++ b/2017/6xxx/CVE-2017-6379.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@drupal.org", - "ID" : "CVE-2017-6379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drupal Core", - "version" : { - "version_data" : [ - { - "version_value" : "8.2.x versions before 8.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", + "ID": "CVE-2017-6379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_value": "8.2.x versions before 8.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Drupal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/SA-2017-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-2017-001" - }, - { - "name" : "96919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96919" - }, - { - "name" : "1038058", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for 
CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038058", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038058" + }, + { + "name": "https://www.drupal.org/SA-2017-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-2017-001" + }, + { + "name": "96919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96919" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6476.json b/2017/6xxx/CVE-2017-6476.json index 14e95d7a337..2363577dcc7 100644 --- a/2017/6xxx/CVE-2017-6476.json +++ b/2017/6xxx/CVE-2017-6476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/6xxx/CVE-2017-6934.json b/2017/6xxx/CVE-2017-6934.json index 7e6a6675a04..337081bf1fc 100644 --- a/2017/6xxx/CVE-2017-6934.json +++ b/2017/6xxx/CVE-2017-6934.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7121.json b/2017/7xxx/CVE-2017-7121.json index 49e17030e55..08d49ece599 100644 --- a/2017/7xxx/CVE-2017-7121.json +++ b/2017/7xxx/CVE-2017-7121.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party \"file\" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "100993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party \"file\" product. 
Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100993" + }, + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7154.json b/2017/7xxx/CVE-2017-7154.json index 5099aef267f..43aa168a57b 100644 --- a/2017/7xxx/CVE-2017-7154.json +++ b/2017/7xxx/CVE-2017-7154.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the \"Kernel\" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43521", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43521/" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "103134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103134" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the \"Kernel\" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + }, + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "103134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103134" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "43521", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43521/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7442.json b/2017/7xxx/CVE-2017-7442.json index c1f2f01960b..8cae322ce53 100644 --- a/2017/7xxx/CVE-2017-7442.json +++ b/2017/7xxx/CVE-2017-7442.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42418", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42418/" - }, - { - "name" : "http://srcincite.io/advisories/src-2017-0005/", - "refsource" : "MISC", - "url" : "http://srcincite.io/advisories/src-2017-0005/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://srcincite.io/advisories/src-2017-0005/", + "refsource": "MISC", + "url": "http://srcincite.io/advisories/src-2017-0005/" + }, + { + "name": "42418", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42418/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7994.json b/2017/7xxx/CVE-2017-7994.json index 6fe81968b8a..8f35fe200a0 100644 --- a/2017/7xxx/CVE-2017-7994.json +++ b/2017/7xxx/CVE-2017-7994.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/icepng/PoC/tree/master/PoC1", - "refsource" : "MISC", - "url" : "https://github.com/icepng/PoC/tree/master/PoC1" - }, - { - "name" : "https://icepng.github.io/2017/04/21/PoDoFo-1/", - "refsource" : "MISC", - "url" : "https://icepng.github.io/2017/04/21/PoDoFo-1/" - }, - { - "name" : "97980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference 
and application crash) via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97980" + }, + { + "name": "https://icepng.github.io/2017/04/21/PoDoFo-1/", + "refsource": "MISC", + "url": "https://icepng.github.io/2017/04/21/PoDoFo-1/" + }, + { + "name": "https://github.com/icepng/PoC/tree/master/PoC1", + "refsource": "MISC", + "url": "https://github.com/icepng/PoC/tree/master/PoC1" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8462.json b/2017/8xxx/CVE-2017-8462.json index 9252dc66196..3c452d94c2f 100644 --- a/2017/8xxx/CVE-2017-8462.json +++ b/2017/8xxx/CVE-2017-8462.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42218", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42218/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8462", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8462" - }, - { - "name" : "98900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. 
aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42218", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42218/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8462", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8462" + }, + { + "name": "98900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98900" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10328.json b/2018/10xxx/CVE-2018-10328.json index 44654d49283..75c6ea84960 100644 --- a/2018/10xxx/CVE-2018-10328.json +++ b/2018/10xxx/CVE-2018-10328.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf", - "refsource" : "MISC", - "url" : "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf", + "refsource": "MISC", + "url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10395.json b/2018/10xxx/CVE-2018-10395.json index 953221ae0f4..d8546f1fd92 100644 --- a/2018/10xxx/CVE-2018-10395.json +++ b/2018/10xxx/CVE-2018-10395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10512.json b/2018/10xxx/CVE-2018-10512.json index 7697ba107f5..c15a2b04ddd 100644 --- a/2018/10xxx/CVE-2018-10512.json +++ b/2018/10xxx/CVE-2018-10512.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-10512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Control Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0 and 7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-10512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Control Manager", + "version": { + "version_data": [ + { + "version_value": "6.0 and 7.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://success.trendmicro.com/solution/1120112", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1120112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1120112", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1120112" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10749.json b/2018/10xxx/CVE-2018-10749.json index 0cb36ca854a..619d34a3ccb 100644 --- a/2018/10xxx/CVE-2018-10749.json +++ b/2018/10xxx/CVE-2018-10749.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/commit.md", - "refsource" : "MISC", - "url" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/commit.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. 
An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/commit.md", + "refsource": "MISC", + "url": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/commit.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10941.json b/2018/10xxx/CVE-2018-10941.json index d41056cf15e..1d7a6f589e8 100644 --- a/2018/10xxx/CVE-2018-10941.json +++ b/2018/10xxx/CVE-2018-10941.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10941", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10941", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/13xxx/CVE-2018-13119.json b/2018/13xxx/CVE-2018-13119.json index 5c461a2504e..350910c773a 100644 --- a/2018/13xxx/CVE-2018-13119.json +++ b/2018/13xxx/CVE-2018-13119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13597.json b/2018/13xxx/CVE-2018-13597.json index a7238d2d0b2..003e888e309 100644 --- a/2018/13xxx/CVE-2018-13597.json +++ b/2018/13xxx/CVE-2018-13597.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/testcoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/testcoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/testcoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/testcoin" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13776.json b/2018/13xxx/CVE-2018-13776.json index 6f4d7aa61d1..2c0245c6bf2 100644 --- a/2018/13xxx/CVE-2018-13776.json +++ b/2018/13xxx/CVE-2018-13776.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AppleToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AppleToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has 
an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AppleToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AppleToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17040.json b/2018/17xxx/CVE-2018-17040.json index 4b0102b8b5f..43ae73e2954 100644 --- a/2018/17xxx/CVE-2018-17040.json +++ b/2018/17xxx/CVE-2018-17040.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17040", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17040", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17463.json b/2018/17xxx/CVE-2018-17463.json index aeed0b03e2c..4f3a5b6748c 100644 --- a/2018/17xxx/CVE-2018-17463.json +++ b/2018/17xxx/CVE-2018-17463.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "70.0.3538.64" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "70.0.3538.64" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/888923", - "refsource" : "MISC", - "url" : "https://crbug.com/888923" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4330", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4330" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:3004", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHSA-2018:3004" - }, - { - "name" : "105666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4330", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4330" + }, + { + "name": "https://crbug.com/888923", + "refsource": "MISC", + "url": "https://crbug.com/888923" + }, + { + "name": "RHSA-2018:3004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3004" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" + }, + { + "name": "105666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105666" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17686.json b/2018/17xxx/CVE-2018-17686.json index 5d8048e1192..cd141974fb3 100644 --- a/2018/17xxx/CVE-2018-17686.json +++ b/2018/17xxx/CVE-2018-17686.json 
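Review bot: The `ASSIGNER` value of CVE-2018-17463 changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, and the CVE-2018-9436 hunk further down changes it from `security@google.com` to `security@android.com`, yet both edits sit inside a whole-file whitespace rewrite under a subject that says only that data was synchronized. Every line of the file is marked changed, so a textual review cannot separate these provenance edits from the `"key" : value` to `"key": value` normalization or from the reordered `reference_data` entries. Tooling that attributes a record to its CNA by `ASSIGNER` should compare the parsed JSON of the old and new versions rather than the text diff, and the commit message would be clearer with a line such as `ASSIGNER updated: CVE-2018-17463, CVE-2018-9436`. Note that `security@google.com` is the new value in one record and the old value in the other, so a consumer that maps that address to a single product team will likely misattribute one of them until its mapping is refreshed.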
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6844." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125: Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1185/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1185/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6844." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1185/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1185/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17752.json b/2018/17xxx/CVE-2018-17752.json index c10f3002a51..9084e631a1c 100644 --- a/2018/17xxx/CVE-2018-17752.json +++ b/2018/17xxx/CVE-2018-17752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17790.json b/2018/17xxx/CVE-2018-17790.json index decd51000ac..f87c0ddc392 100644 --- a/2018/17xxx/CVE-2018-17790.json 
+++ b/2018/17xxx/CVE-2018-17790.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17790", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17790", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20508.json b/2018/20xxx/CVE-2018-20508.json index 02b0b15c8b3..da804231815 100644 --- a/2018/20xxx/CVE-2018-20508.json +++ b/2018/20xxx/CVE-2018-20508.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\\models\\User.php search() function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/crashfix/tickets/21/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/crashfix/tickets/21/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\\models\\User.php search() function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/crashfix/tickets/21/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/crashfix/tickets/21/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9201.json b/2018/9xxx/CVE-2018-9201.json index 2ff585ac856..9c9e6aeedd4 100644 --- a/2018/9xxx/CVE-2018-9201.json +++ b/2018/9xxx/CVE-2018-9201.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9201", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9280.json b/2018/9xxx/CVE-2018-9280.json index d76dd94c5f9..2a553565135 100644 --- a/2018/9xxx/CVE-2018-9280.json +++ b/2018/9xxx/CVE-2018-9280.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. 
Passwords of the read and write users could be retrieved by browsing the source code of the webpage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9436.json b/2018/9xxx/CVE-2018-9436.json index 7e514133bbb..e5087657e73 100644 --- a/2018/9xxx/CVE-2018-9436.json +++ b/2018/9xxx/CVE-2018-9436.json 
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "DATE_PUBLIC" : "2018-10-31T00:00:00",
- "ID" : "CVE-2018-9436",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "DATE_PUBLIC": "2018-10-31T00:00:00",
+ "ID": "CVE-2018-9436",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-08-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-08-01"
- },
- {
- "name" : "1041432",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041432"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/2018-08-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-08-01"
+ },
+ {
+ "name": "1041432",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041432"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9848.json b/2018/9xxx/CVE-2018-9848.json
index 1b6276b07e7..039f881996a 100644
--- a/2018/9xxx/CVE-2018-9848.json
+++ b/2018/9xxx/CVE-2018-9848.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9848",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Gxlcms QY v1.0.0713, the upload function in Lib\\Lib\\Action\\Admin\\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9848",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html",
- "refsource" : "MISC",
- "url" : "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Gxlcms QY v1.0.0713, the upload function in Lib\\Lib\\Action\\Admin\\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html",
+ "refsource": "MISC",
+ "url": "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file