diff --git a/2002/0xxx/CVE-2002-0253.json b/2002/0xxx/CVE-2002-0253.json index 93a4746983a..174487bbad5 100644 --- a/2002/0xxx/CVE-2002-0253.json +++ b/2002/0xxx/CVE-2002-0253.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP, when not configured with the \"display_errors = Off\" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020207 Advisory #3 - PHP & JSP", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101318944130790&w=2" - }, - { - "name" : "4063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4063" - }, - { - "name" : "php-slash-path-information(8122)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8122.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP, when not configured with the \"display_errors = Off\" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020207 Advisory #3 - PHP & JSP", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101318944130790&w=2" + }, + { + "name": "php-slash-path-information(8122)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8122.php" + }, + { + "name": "4063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4063" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1013.json b/2002/1xxx/CVE-2002-1013.json index 3cb1f306902..312948da28f 100644 --- a/2002/1xxx/CVE-2002-1013.json +++ b/2002/1xxx/CVE-2002-1013.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html" - }, - { - "name" : "http://support.inktomi.com/kb/070202-003.html", - "refsource" : "CONFIRM", - "url" : "http://support.inktomi.com/kb/070202-003.html" - }, - { - "name" : "5098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5098" - }, - { - "name" : "inktomi-trafficserver-manager-bo(9465)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9465.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.inktomi.com/kb/070202-003.html", + "refsource": "CONFIRM", + "url": "http://support.inktomi.com/kb/070202-003.html" + }, + { + "name": "5098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5098" + }, + { + "name": "inktomi-trafficserver-manager-bo(9465)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9465.php" + }, + { + "name": "20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1047.json b/2002/1xxx/CVE-2002-1047.json index 10015e001b8..28edf8556d3 100644 --- a/2002/1xxx/CVE-2002-1047.json +++ b/2002/1xxx/CVE-2002-1047.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020701 [VulnWatch] KPMG-2002027: Watchguard Soho FTP authentication flaw", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0139.html" - }, - { - "name" : "firebox-soho-ftp-insecure(9511)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9511.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020701 [VulnWatch] KPMG-2002027: Watchguard Soho FTP authentication flaw", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0139.html" + }, + { + "name": "firebox-soho-ftp-insecure(9511)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9511.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1420.json b/2002/1xxx/CVE-2002-1420.json index 2ca2ba66e71..88308ca0b8f 100644 --- a/2002/1xxx/CVE-2002-1420.json +++ b/2002/1xxx/CVE-2002-1420.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102918817012863&w=2" - }, - { - "name" : "VU#259787", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/259787" - }, - { - "name" : "5442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5442" - }, - { - "name" : "7554", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7554" - }, - { - "name" : "openbsd-select-bo(9809)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9809.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5442" + }, + { + "name": "openbsd-select-bo(9809)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9809.php" + }, + { + "name": "VU#259787", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/259787" + }, + { + "name": "7554", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7554" + }, + { + "name": "20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102918817012863&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1473.json b/2002/1xxx/CVE-2002-1473.json index 6bb96cf387c..42d2f14fb99 100644 --- a/2002/1xxx/CVE-2002-1473.json +++ b/2002/1xxx/CVE-2002-1473.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0208-213", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0064.html" - }, - { - "name" : "hp-lp-dos(9992)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9992.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-lp-dos(9992)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9992.php" + }, + { + "name": "HPSBUX0208-213", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0064.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1581.json b/2002/1xxx/CVE-2002-1581.json index 2117cb3b506..b9cdfb59dea 100644 --- a/2002/1xxx/CVE-2002-1581.json +++ b/2002/1xxx/CVE-2002-1581.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/297428" - }, - { - "name" : "http://mailreader.com/download/ChangeLog", - "refsource" : "MISC", - "url" : "http://mailreader.com/download/ChangeLog" - }, - { - "name" : "http://mailreader.com/download/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://mailreader.com/download/ChangeLog" - }, - { - "name" : "DSA-534", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-534" - }, - { - "name" : "6055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6055" - }, - { - "name" : "mailreader-dotdot-directory-traversal(10490)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10490.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mailreader.com/download/ChangeLog", + "refsource": "CONFIRM", + "url": "http://mailreader.com/download/ChangeLog" + }, + { + "name": "mailreader-dotdot-directory-traversal(10490)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10490.php" + }, + { + "name": "6055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6055" + }, + { + "name": "DSA-534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-534" + }, + { + "name": "http://mailreader.com/download/ChangeLog", + "refsource": "MISC", + "url": "http://mailreader.com/download/ChangeLog" + }, + { + "name": "20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/297428" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1858.json b/2002/1xxx/CVE-2002-1858.json index d5f697eb62d..0434998553f 100644 --- a/2002/1xxx/CVE-2002-1858.json +++ b/2002/1xxx/CVE-2002-1858.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot (\"WEB-INF.\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/279582" - }, - { - "name" : "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt", - "refsource" : "MISC", - "url" : "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf" - }, - { - "name" : "5119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5119" - }, - { - "name" : "webinf-dot-file-retrieval(9446)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9446.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot (\"WEB-INF.\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5119" + }, + { + "name": "webinf-dot-file-retrieval(9446)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9446.php" + }, + { + "name": "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt", + "refsource": "MISC", + "url": "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt" + }, + { + "name": "20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/279582" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0204.json b/2003/0xxx/CVE-2003-0204.json index 9117f90c2c6..2b9d4607913 100644 --- a/2003/0xxx/CVE-2003-0204.json +++ b/2003/0xxx/CVE-2003-0204.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kde.org/info/security/advisory-20030409-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20030409-1.txt" - }, - { - "name" : "http://bugs.kde.org/show_bug.cgi?id=56808", - "refsource" : "CONFIRM", - "url" : "http://bugs.kde.org/show_bug.cgi?id=56808" - }, - { - "name" : "http://bugs.kde.org/show_bug.cgi?id=53343", - "refsource" : "CONFIRM", - "url" : "http://bugs.kde.org/show_bug.cgi?id=53343" - }, - { - "name" : "DSA-284", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-284" - }, - { - "name" : "DSA-293", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-293" - }, - { - "name" : "DSA-296", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-296" - }, - { - "name" : "MDKSA-2003:049", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049" - }, - { - "name" : "RHSA-2003:002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-002.html" - }, - { - "name" : "CLA-2003:668", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668" - }, - { - "name" : "CLA-2003:747", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747" - }, - { - "name" : "20030410 GLSA: kde-3.x (200304-04)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105001557020141&w=2" - }, - { - "name" : "20030411 GLSA: kde-2.x (200304-05)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105012994719099&w=2" - }, - { - "name" : "20030414 GLSA: kde-2.x (200304-05.1)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105034222521369&w=2" - }, - { - "name" : "20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105017403010459&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105017403010459&w=2" + }, + { + "name": "MDKSA-2003:049", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049" + }, + { + "name": "CLA-2003:668", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668" + }, + { + "name": "DSA-296", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-296" + }, + { + "name": "http://bugs.kde.org/show_bug.cgi?id=53343", + "refsource": "CONFIRM", + "url": "http://bugs.kde.org/show_bug.cgi?id=53343" + }, + { + "name": "20030414 GLSA: kde-2.x (200304-05.1)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105034222521369&w=2" + }, + { + "name": "CLA-2003:747", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747" + }, + { + "name": "http://www.kde.org/info/security/advisory-20030409-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20030409-1.txt" + }, + { + "name": "RHSA-2003:002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html" + }, + { + "name": "http://bugs.kde.org/show_bug.cgi?id=56808", + "refsource": "CONFIRM", + "url": "http://bugs.kde.org/show_bug.cgi?id=56808" + }, + { + "name": "20030410 GLSA: kde-3.x (200304-04)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105001557020141&w=2" + }, + { + "name": "DSA-284", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-284" + }, + { + "name": "DSA-293", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-293" + }, + { + "name": "20030411 GLSA: kde-2.x (200304-05)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105012994719099&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0221.json b/2003/0xxx/CVE-2003-0221.json index 35f8ee18011..9359fc3506b 100644 --- a/2003/0xxx/CVE-2003-0221.json +++ b/2003/0xxx/CVE-2003-0221.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT3471", - "refsource" : "HP", - "url" : "http://www.ciac.org/ciac/bulletins/n-086.shtml" - }, - { - "name" : "7452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7452" - }, - { - "name" : "tru64-dupatch-setld-symlink(11892)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tru64-dupatch-setld-symlink(11892)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11892" + }, + { + "name": "7452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7452" + }, + { + "name": "SSRT3471", + "refsource": "HP", + "url": "http://www.ciac.org/ciac/bulletins/n-086.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0436.json b/2003/0xxx/CVE-2003-0436.json index 055ef047c16..8a760b46909 100644 --- a/2003/0xxx/CVE-2003-0436.json +++ b/2003/0xxx/CVE-2003-0436.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html" - }, - { - "name" : "7865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html" + }, + { + "name": "7865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7865" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0561.json b/2003/0xxx/CVE-2003-0561.json index a05f35ad8b5..fc1a3a35d93 100644 --- a/2003/0xxx/CVE-2003-0561.json +++ b/2003/0xxx/CVE-2003-0561.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030707 Multiple Buffer Overflows in IglooFTP PRO", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105769805311484&w=2" - }, - { - "name" : "20030707 Multiple Buffer Overflows in IglooFTP PRO", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030707 Multiple Buffer Overflows in IglooFTP PRO", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html" + }, + { + "name": "20030707 Multiple Buffer Overflows in IglooFTP PRO", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105769805311484&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1117.json b/2003/1xxx/CVE-2003-1117.json index 50c8789a72c..91f73326ce2 100644 --- a/2003/1xxx/CVE-2003-1117.json +++ b/2003/1xxx/CVE-2003-1117.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/help/faq/security/bufferoverflow.html", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/bufferoverflow.html" - }, - { - "name" : "VU#143627", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/143627" - }, - { - "name" : "VU#912219", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/912219" - }, - { - "name" : "1003604", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003604" - }, - { - "name" : "realsystem-malformed-url-bo(11362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1003604", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003604" + }, + { + "name": "http://service.real.com/help/faq/security/bufferoverflow.html", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/bufferoverflow.html" + }, + { + "name": "VU#912219", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/912219" + }, + { + "name": "realsystem-malformed-url-bo(11362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11362" + }, + { + "name": "VU#143627", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/143627" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1143.json b/2003/1xxx/CVE-2003-1143.json index f350435ea67..216794963c9 100644 --- a/2003/1xxx/CVE-2003-1143.json +++ b/2003/1xxx/CVE-2003-1143.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031030 Serious Sam is not so serious", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342957" - }, - { - "name" : "http://aluigi.altervista.org/adv/ssboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ssboom-adv.txt" - }, - { - "name" : "8936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8936" - }, - { - "name" : "serioussam-games-packet-dos(13618)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8936" + }, + { + "name": "20031030 Serious Sam is not so serious", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342957" + }, + { + "name": "serioussam-games-packet-dos(13618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13618" + }, + { + "name": "http://aluigi.altervista.org/adv/ssboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ssboom-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1500.json b/2003/1xxx/CVE-2003-1500.json index c9964704155..49c910b2f76 100644 --- a/2003/1xxx/CVE-2003-1500.json +++ b/2003/1xxx/CVE-2003-1500.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031019 ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/341757" - }, - { - "name" : "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864", - "refsource" : "CONFIRM", - "url" : "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864" - }, - { - "name" : "http://www.securiteam.com/unixfocus/6H00E2K8KG.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6H00E2K8KG.html" - }, - { - "name" : "8851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8851" - }, - { - "name" : "3301", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3301" - }, - { - "name" : "cpCommerce-functionsphp-file-include(13457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/unixfocus/6H00E2K8KG.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6H00E2K8KG.html" + }, + { + "name": "8851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8851" + }, + { + "name": "20031019 ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/341757" + }, + { + "name": "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864", + "refsource": "CONFIRM", + "url": "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864" + }, + { + "name": "3301", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3301" + }, + { + "name": "cpCommerce-functionsphp-file-include(13457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13457" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2051.json b/2004/2xxx/CVE-2004-2051.json index 9950e45c4b8..b5b41ec2460 100644 --- a/2004/2xxx/CVE-2004-2051.json +++ b/2004/2xxx/CVE-2004-2051.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040724 eSeSIX Thintune thin client multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109068491801021&w=2" - }, - { - "name" : "10794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10794" - }, - { - "name" : "8249", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8249" - }, - { - "name" : "1010770", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010770" - }, - { - "name" : "12154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12154" - }, - { - "name" : "thintune-url-obtain-information(16798)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thintune-url-obtain-information(16798)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16798" + }, + { + "name": "10794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10794" + }, + { + "name": "12154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12154" + }, + { + "name": "8249", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8249" + }, + { + "name": "1010770", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010770" + }, + { + "name": "20040724 eSeSIX Thintune thin client multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109068491801021&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2197.json b/2004/2xxx/CVE-2004-2197.json index e922b38e8e7..a3e31377dad 100644 --- a/2004/2xxx/CVE-2004-2197.json +++ b/2004/2xxx/CVE-2004-2197.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=414631", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=414631" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/kdocker/kdocker/src/kdocker.cpp?r1=1.10&r2=1.11&sortby=log", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/kdocker/kdocker/src/kdocker.cpp?r1=1.10&r2=1.11&sortby=log" - }, - { - "name" : "11419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11419" - }, - { - "name" : "10729", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10729" - }, - { - "name" : "12828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12828" - }, - { - "name" : "1011688", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011688" - }, - { - "name" : "kdocker-kdockerccp-gain-privileges(17718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kdocker-kdockerccp-gain-privileges(17718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17718" + }, + { + "name": "10729", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10729" + }, + { + "name": "1011688", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011688" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/kdocker/kdocker/src/kdocker.cpp?r1=1.10&r2=1.11&sortby=log", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/kdocker/kdocker/src/kdocker.cpp?r1=1.10&r2=1.11&sortby=log" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=414631", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=414631" + }, + { + "name": "11419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11419" + }, + { + "name": "12828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12828" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0239.json b/2012/0xxx/CVE-2012-0239.json index a19b50defde..b08f059b09b 100644 --- a/2012/0xxx/CVE-2012-0239.json +++ b/2012/0xxx/CVE-2012-0239.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - }, - { - "name" : "52051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + }, + { + "name": "52051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52051" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0621.json b/2012/0xxx/CVE-2012-0621.json index 47e86bf1ffb..9cb2276be6e 100644 --- a/2012/0xxx/CVE-2012-0621.json +++ b/2012/0xxx/CVE-2012-0621.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "oval:org.mitre.oval:def:17432", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17432" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17432", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17432" + }, + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0657.json b/2012/0xxx/CVE-2012-0657.json index fb52147675e..e1177a12bdf 100644 --- a/2012/0xxx/CVE-2012-0657.json +++ b/2012/0xxx/CVE-2012-0657.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "53445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53445" - }, - { - "name" : "53473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53445" + }, + { + "name": "53473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53473" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0870.json b/2012/0xxx/CVE-2012-0870.json index 693fdb6db89..7d4cacaed08 100644 --- a/2012/0xxx/CVE-2012-0870.json +++ b/2012/0xxx/CVE-2012-0870.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565", - "refsource" : "CONFIRM", - "url" : "http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=795509", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=795509" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "SUSE-SU-2012:0502", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html" - }, - { - "name" : "SUSE-SU-2012:0515", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0337", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html" - }, - { - "name" : "SUSE-SU-2012:0338", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html" - }, - { - "name" : "USN-1374-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1374-1" - }, - { - "name" : "48116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48116" - }, - { - "name" : "48186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48186" - }, - { - "name" : "48844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48844" - }, - { - "name" : "48879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48879" - }, - { - "name" : "blackberry-playbook-samba-code-execution(73361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565", + "refsource": "CONFIRM", + "url": "http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565" + }, + { + "name": "SUSE-SU-2012:0337", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html" + }, + { + "name": "USN-1374-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1374-1" + }, + { + "name": "SUSE-SU-2012:0515", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html" + }, + { + "name": "SUSE-SU-2012:0502", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html" + }, + { + "name": "48844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48844" + }, + { + "name": "48116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48116" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=795509", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=795509" + }, + { + "name": "48879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48879" + }, + { + "name": "48186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48186" + }, + { + "name": "SUSE-SU-2012:0338", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "blackberry-playbook-samba-code-execution(73361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73361" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1352.json b/2012/1xxx/CVE-2012-1352.json index bc74c1cb5c9..f168a122bea 100644 --- a/2012/1xxx/CVE-2012-1352.json +++ b/2012/1xxx/CVE-2012-1352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1498.json b/2012/1xxx/CVE-2012-1498.json index 9db9cac7ff2..0d6137c4a56 100644 --- a/2012/1xxx/CVE-2012-1498.json +++ b/2012/1xxx/CVE-2012-1498.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18536", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18536" - }, - { - "name" : "http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html", - "refsource" : "MISC", - "url" : "http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html" - }, - { - "name" : "http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html" - }, - { - "name" : "52218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52218" - }, - { - "name" : "79658", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79658" - }, - { - "name" : "48190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48190" - }, - { - "name" : "webfoliocms-addadmin-modifywebpage-csrf(73575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79658", + "refsource": "OSVDB", + "url": "http://osvdb.org/79658" + }, + { + "name": "18536", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18536" + }, + { + "name": "http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html" + }, + { + "name": "52218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52218" + }, + { + "name": "http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html", + "refsource": "MISC", + "url": "http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html" + }, + { + "name": "48190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48190" + }, + { + "name": "webfoliocms-addadmin-modifywebpage-csrf(73575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73575" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1741.json b/2012/1xxx/CVE-2012-1741.json index e0b906b54cf..6170e18687b 100644 --- a/2012/1xxx/CVE-2012-1741.json +++ b/2012/1xxx/CVE-2012-1741.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to User Administration Pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54492" - }, - { - "name" : "83951", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83951" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "fusionmiddleware-emuap-cve20121741(76994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to User Administration Pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54492" + }, + { + "name": "83951", + "refsource": "OSVDB", + "url": "http://osvdb.org/83951" + }, + { + "name": "fusionmiddleware-emuap-cve20121741(76994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76994" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1776.json b/2012/1xxx/CVE-2012-1776.json index e6ba8b6267f..904db0621d2 100644 --- a/2012/1xxx/CVE-2012-1776.json +++ b/2012/1xxx/CVE-2012-1776.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.videolan.org/security/sa1202.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1202.html" - }, - { - "name" : "52550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52550" - }, - { - "name" : "80189", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80189" - }, - { - "name" : "oval:org.mitre.oval:def:14817", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" - }, - { - "name" : "vlcmediaplayer-realrtsp-bo(74118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.videolan.org/security/sa1202.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1202.html" + }, + { + "name": "52550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52550" + }, + { + "name": "80189", + "refsource": "OSVDB", + "url": "http://osvdb.org/80189" + }, + { + "name": "oval:org.mitre.oval:def:14817", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" + }, + { + "name": "vlcmediaplayer-realrtsp-bo(74118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1854.json b/2012/1xxx/CVE-2012-1854.json index a578a2507f0..238fda0bf10 100644 --- a/2012/1xxx/CVE-2012-1854.json +++ b/2012/1xxx/CVE-2012-1854.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Visual Basic for Applications Insecure Library Loading Vulnerability,\" as exploited in the wild in July 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-046", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046" - }, - { - "name" : "TA12-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14950", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Visual Basic for Applications Insecure Library Loading Vulnerability,\" as exploited in the wild in July 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" + }, + { + "name": "oval:org.mitre.oval:def:14950", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950" + }, + { + "name": "MS12-046", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4194.json b/2012/4xxx/CVE-2012-4194.json index 1dba1b3c950..8100eae011f 100644 --- a/2012/4xxx/CVE-2012-4194.json +++ b/2012/4xxx/CVE-2012-4194.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=800666", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=800666" - }, - { - "name" : "RHSA-2012:1407", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1407.html" - }, - { - "name" : "RHSA-2012:1413", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1413.html" - }, - { - "name" : "openSUSE-SU-2012:1412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html" - }, - { - "name" : "SUSE-SU-2012:1426", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html" - }, - { - "name" : "USN-1620-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1620-1" - }, - { - "name" : "USN-1620-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1620-2" - }, - { - "name" : "56301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56301" - }, - { - "name" : "oval:org.mitre.oval:def:16918", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16918" - }, - { - "name" : "51165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51165" - }, - { - "name" : "51121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51121" - }, - { - "name" : "51123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51123" - }, - { - "name" : "51127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51127" - }, - { - "name" : "51144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51144" - }, - { - "name" : "51146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51146" - }, - { - "name" : "51147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51147" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51144" + }, + { + "name": "56301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56301" + }, + { + "name": "SUSE-SU-2012:1426", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html" + }, + { + "name": "oval:org.mitre.oval:def:16918", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16918" + }, + { + "name": "51123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51123" + }, + { + "name": "51121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51121" + }, + { + "name": "51147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51147" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=800666", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=800666" + }, + { + "name": "USN-1620-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1620-1" + }, + { + "name": "RHSA-2012:1407", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html" + }, + { + "name": "51127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51127" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html" + }, + { + "name": "USN-1620-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1620-2" + }, + { + "name": "openSUSE-SU-2012:1412", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html" + }, + { + "name": "51165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51165" + }, + { + "name": "RHSA-2012:1413", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html" + }, + { + "name": "51146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51146" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4396.json b/2012/4xxx/CVE-2012-4396.json index dd08ad8c3df..094c786ce96 100644 --- a/2012/4xxx/CVE-2012-4396.json +++ b/2012/4xxx/CVE-2012-4396.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1" - }, - { - "name" : "[oss-security] 20120901 Re: CVE - ownCloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2" - }, - { - "name" : "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027" - }, - { - "name" : "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5" - }, - { - "name" : "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7" - }, - { - "name" : "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438" - }, - { - "name" : "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c" - }, - { - "name" : "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606" - }, - { - "name" : "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48" - }, - { - "name" : "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254" - }, - { - "name" : "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254" + }, + { + "name": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438" + }, + { + "name": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7" + }, + { + "name": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48" + }, + { + "name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/11/1" + }, + { + "name": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606" + }, + { + "name": "[oss-security] 20120901 Re: CVE - ownCloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/2" + }, + { + "name": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5" + }, + { + "name": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c" + }, + { + "name": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb" + }, + { + "name": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4409.json b/2012/4xxx/CVE-2012-4409.json index 2f3b8655d4d..53d10ce752c 100644 --- a/2012/4xxx/CVE-2012-4409.json +++ b/2012/4xxx/CVE-2012-4409.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/06/4" - }, - { - "name" : "http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=855029", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=855029" - }, - { - "name" : "FEDORA-2012-13599", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086519.html" - }, - { - "name" : "FEDORA-2012-13656", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087542.html" - }, - { - "name" : "FEDORA-2012-13657", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088281.html" - }, - { - "name" : "1027532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027532" - }, - { - "name" : "50507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50507" - }, - { - "name" : "51010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-13599", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086519.html" + }, + { + "name": "FEDORA-2012-13657", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088281.html" + }, + { + "name": "http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html" + }, + { + "name": "FEDORA-2012-13656", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087542.html" + }, + { + "name": "[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/06/4" + }, + { + "name": "51010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51010" + }, + { + "name": "1027532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027532" + }, + { + "name": "50507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50507" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=855029", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855029" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5298.json b/2012/5xxx/CVE-2012-5298.json index e16469fdd27..aa494883410 100644 --- a/2012/5xxx/CVE-2012-5298.json +++ b/2012/5xxx/CVE-2012-5298.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120103 mavili guestbook - SQL Injection and XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0010.html" - }, - { - "name" : "http://code.google.com/p/maviliguestbook/issues/detail?id=1", - "refsource" : "MISC", - "url" : "http://code.google.com/p/maviliguestbook/issues/detail?id=1" - }, - { - "name" : "51252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51252" - }, - { - "name" : "mavili-guestbook-information-disclosure(72101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120103 mavili guestbook - SQL Injection and XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0010.html" + }, + { + "name": "51252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51252" + }, + { + "name": "mavili-guestbook-information-disclosure(72101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72101" + }, + { + "name": "http://code.google.com/p/maviliguestbook/issues/detail?id=1", + "refsource": "MISC", + "url": "http://code.google.com/p/maviliguestbook/issues/detail?id=1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5792.json b/2012/5xxx/CVE-2012-5792.json index 8c66079aa32..28f419b8341 100644 --- a/2012/5xxx/CVE-2012-5792.json +++ b/2012/5xxx/CVE-2012-5792.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "sage-pay-ssl-spoofing(79979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sage-pay-ssl-spoofing(79979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79979" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5973.json b/2012/5xxx/CVE-2012-5973.json index 52e54393a72..4612326216c 100644 --- a/2012/5xxx/CVE-2012-5973.json +++ b/2012/5xxx/CVE-2012-5973.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B358F44CA-6354-4427-9088-C57138E9EE11%7D", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B358F44CA-6354-4427-9088-C57138E9EE11%7D" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B358F44CA-6354-4427-9088-C57138E9EE11%7D", + "refsource": "CONFIRM", + "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B358F44CA-6354-4427-9088-C57138E9EE11%7D" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3172.json b/2017/3xxx/CVE-2017-3172.json index 6e9b5c9a56a..683380264a9 100644 --- a/2017/3xxx/CVE-2017-3172.json +++ b/2017/3xxx/CVE-2017-3172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3172", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3172", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3202.json b/2017/3xxx/CVE-2017-3202.json index 74c6c841d7d..31e15686842 100644 --- a/2017/3xxx/CVE-2017-3202.json +++ b/2017/3xxx/CVE-2017-3202.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3202", - "STATE" : "PUBLIC", - "TITLE" : "The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Flamingo amf-serializer", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "2.2.0", - "version_value" : "2.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Exadel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-913: Improper Control of Dynamically-Managed Code Resources" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3202", + "STATE": "PUBLIC", + "TITLE": "The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Flamingo amf-serializer", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "2.2.0", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Exadel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", - "refsource" : "MISC", - "url" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" - }, - { - "name" : "https://codewhitesec.blogspot.com/2017/04/amf.html", - "refsource" : "MISC", - "url" : "https://codewhitesec.blogspot.com/2017/04/amf.html" - }, - { - "name" : "VU#307983", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/307983" - }, - { - "name" : "97380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97380" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-913: Improper Control of Dynamically-Managed Code Resources" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codewhitesec.blogspot.com/2017/04/amf.html", + "refsource": "MISC", + "url": "https://codewhitesec.blogspot.com/2017/04/amf.html" + }, + { + "name": "VU#307983", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/307983" + }, + { + "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", + "refsource": "MISC", + "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" + }, + { + "name": "97380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97380" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3379.json b/2017/3xxx/CVE-2017-3379.json index 58adf17e8bb..c1dc9ad4c45 100644 --- a/2017/3xxx/CVE-2017-3379.json +++ b/2017/3xxx/CVE-2017-3379.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3708.json b/2017/3xxx/CVE-2017-3708.json index 6a5302222c7..d68ad57ab3e 100644 --- a/2017/3xxx/CVE-2017-3708.json +++ b/2017/3xxx/CVE-2017-3708.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3708", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3708", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3777.json b/2017/3xxx/CVE-2017-3777.json index d581afc7f08..05968b2c312 100644 --- a/2017/3xxx/CVE-2017-3777.json +++ b/2017/3xxx/CVE-2017-3777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3777", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3777", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6386.json b/2017/6xxx/CVE-2017-6386.json index 2faa39d6901..783d631b126 100644 --- a/2017/6xxx/CVE-2017-6386.json +++ b/2017/6xxx/CVE-2017-6386.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170301 CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/01/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1427472", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1427472" - }, - { - "name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920" - }, - { - "name" : "GLSA-201707-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-06" - }, - { - "name" : "96506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170301 CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/01/7" + }, + { + "name": "GLSA-201707-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-06" + }, + { + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920" + }, + { + "name": "96506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96506" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1427472", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427472" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6586.json b/2017/6xxx/CVE-2017-6586.json index ac126fe409c..daf675f42cd 100644 --- a/2017/6xxx/CVE-2017-6586.json +++ b/2017/6xxx/CVE-2017-6586.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6586", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6586", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7092.json b/2017/7xxx/CVE-2017-7092.json index b05249ed7af..a179528e10e 100644 --- a/2017/7xxx/CVE-2017-7092.json +++ b/2017/7xxx/CVE-2017-7092.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100994" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100994" + }, + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7288.json b/2017/7xxx/CVE-2017-7288.json index 709f4b04122..3a167e0cf9a 100644 --- a/2017/7xxx/CVE-2017-7288.json +++ b/2017/7xxx/CVE-2017-7288.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - }, - { - "name" : "98081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98081" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7431.json b/2017/7xxx/CVE-2017-7431.json index 845ff9124ec..9825a045d07 100644 --- a/2017/7xxx/CVE-2017-7431.json +++ b/2017/7xxx/CVE-2017-7431.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-7431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1", - "version" : { - "version_data" : [ - { - "version_value" : "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CSRF" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-7431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1", + "version": { + "version_data": [ + { + "version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1024963", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1024963" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1030692", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1030692" - }, - { - "name" : "https://dl.netiq.com/Download?buildid=24FxpmqdThE~", - "refsource" : "CONFIRM", - "url" : "https://dl.netiq.com/Download?buildid=24FxpmqdThE~" - }, - { - "name" : "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~", - "refsource" : "CONFIRM", - "url" : "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~" - }, - { - "name" : "https://www.netiq.com/support/kb/doc.php?id=7016795", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/support/kb/doc.php?id=7016795" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7010166", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7010166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=1024963", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1024963" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=1030692", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1030692" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7010166", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7010166" + }, + { + "name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~", + "refsource": "CONFIRM", + "url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~" + }, + { + "name": "https://www.netiq.com/support/kb/doc.php?id=7016795", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/support/kb/doc.php?id=7016795" + }, + { + "name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~", + "refsource": "CONFIRM", + "url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7812.json b/2017/7xxx/CVE-2017-7812.json index 69a3ad9faf8..b9052a9dd25 100644 --- a/2017/7xxx/CVE-2017-7812.json +++ b/2017/7xxx/CVE-2017-7812.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "56" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through \"file:\" URLs. This vulnerability affects Firefox < 56." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Drag and drop of malicious page content to the tab bar can open locally stored files" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "56" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1379842", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1379842" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" - }, - { - "name" : "101057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101057" - }, - { - "name" : "1039465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through \"file:\" URLs. This vulnerability affects Firefox < 56." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Drag and drop of malicious page content to the tab bar can open locally stored files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039465" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379842", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379842" + }, + { + "name": "101057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101057" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8850.json b/2017/8xxx/CVE-2017-8850.json index 65188a4dc04..e5e47c02fc1 100644 --- a/2017/8xxx/CVE-2017-8850.json +++ b/2017/8xxx/CVE-2017-8850.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://alephsecurity.com/vulns/aleph-2017020", - "refsource" : "MISC", - "url" : "https://alephsecurity.com/vulns/aleph-2017020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://alephsecurity.com/vulns/aleph-2017020", + "refsource": "MISC", + "url": "https://alephsecurity.com/vulns/aleph-2017020" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10119.json b/2018/10xxx/CVE-2018-10119.json index 26454ef02d7..b018eeb3f42 100644 --- a/2018/10xxx/CVE-2018-10119.json +++ b/2018/10xxx/CVE-2018-10119.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180419 [SECURITY] [DLA 1356-1] libreoffice security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html" - }, - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747" - }, - { - "name" : "https://gerrit.libreoffice.org/#/c/48751/", - "refsource" : "MISC", - "url" : "https://gerrit.libreoffice.org/#/c/48751/" - }, - { - "name" : "https://gerrit.libreoffice.org/#/c/48756/", - "refsource" : "MISC", - "url" : "https://gerrit.libreoffice.org/#/c/48756/" - }, - { - "name" : "https://gerrit.libreoffice.org/#/c/48757/", - "refsource" : "MISC", - "url" : "https://gerrit.libreoffice.org/#/c/48757/" - }, - { - "name" : "https://gerrit.libreoffice.org/#/c/48758/", - "refsource" : "MISC", - "url" : "https://gerrit.libreoffice.org/#/c/48758/" - }, - { - "name" : "https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05", - "refsource" : "MISC", - "url" : "https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05" - }, - { - "name" : "https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/", - "refsource" : "MISC", - "url" : "https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/" - }, - { - "name" : "DSA-4178", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4178" - }, - { - "name" : "RHSA-2018:3054", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3054" - }, - { - "name" : "USN-3883-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3883-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gerrit.libreoffice.org/#/c/48758/", + "refsource": "MISC", + "url": "https://gerrit.libreoffice.org/#/c/48758/" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747" + }, + { + "name": "RHSA-2018:3054", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3054" + }, + { + "name": "DSA-4178", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4178" + }, + { + "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/", + "refsource": "MISC", + "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/" + }, + { + "name": "USN-3883-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3883-1/" + }, + { + "name": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05", + "refsource": "MISC", + "url": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05" + }, + { + "name": "https://gerrit.libreoffice.org/#/c/48751/", + "refsource": "MISC", + "url": "https://gerrit.libreoffice.org/#/c/48751/" + }, + { + "name": "[debian-lts-announce] 20180419 [SECURITY] [DLA 1356-1] libreoffice security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html" + }, + { + "name": "https://gerrit.libreoffice.org/#/c/48756/", + "refsource": "MISC", + "url": "https://gerrit.libreoffice.org/#/c/48756/" + }, + { + "name": "https://gerrit.libreoffice.org/#/c/48757/", + "refsource": "MISC", + "url": "https://gerrit.libreoffice.org/#/c/48757/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10133.json b/2018/10xxx/CVE-2018-10133.json index 92ef582bc2f..d759c6b57d7 100644 --- a/2018/10xxx/CVE-2018-10133.json +++ b/2018/10xxx/CVE-2018-10133.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \\apps\\home\\controller\\ParserController.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vQAQv/Request-CVE-ID-PoC/blob/master/PbootCMS/v0.9.8/Getshll.md", - "refsource" : "MISC", - "url" : "https://github.com/vQAQv/Request-CVE-ID-PoC/blob/master/PbootCMS/v0.9.8/Getshll.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \\apps\\home\\controller\\ParserController.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/vQAQv/Request-CVE-ID-PoC/blob/master/PbootCMS/v0.9.8/Getshll.md", + "refsource": "MISC", + "url": "https://github.com/vQAQv/Request-CVE-ID-PoC/blob/master/PbootCMS/v0.9.8/Getshll.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10212.json b/2018/10xxx/CVE-2018-10212.json index 56a296443e1..e366f5e8499 100644 --- a/2018/10xxx/CVE-2018-10212.json +++ b/2018/10xxx/CVE-2018-10212.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10212/", - "refsource" : "MISC", - "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10212/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10212/", + "refsource": "MISC", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10212/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10659.json b/2018/10xxx/CVE-2018-10659.json index 9f07e035595..3b71638e9ec 100644 --- a/2018/10xxx/CVE-2018-10659.json +++ b/2018/10xxx/CVE-2018-10659.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/", - "refsource" : "MISC", - "url" : "https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/" - }, - { - "name" : "https://www.axis.com/files/faq/Advisory_ACV-128401.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.axis.com/files/faq/Advisory_ACV-128401.pdf" - }, - { - "name" : "https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf", + "refsource": "CONFIRM", + "url": "https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf" + }, + { + "name": "https://www.axis.com/files/faq/Advisory_ACV-128401.pdf", + "refsource": "CONFIRM", + "url": "https://www.axis.com/files/faq/Advisory_ACV-128401.pdf" + }, + { + "name": "https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/", + "refsource": "MISC", + "url": "https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13683.json b/2018/13xxx/CVE-2018-13683.json index b0f048420d3..fa968501b2b 100644 --- a/2018/13xxx/CVE-2018-13683.json +++ b/2018/13xxx/CVE-2018-13683.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/exsulcoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/exsulcoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/exsulcoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/exsulcoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14260.json b/2018/14xxx/CVE-2018-14260.json index 29acca9fe21..b14a10dd3ef 100644 --- a/2018/14xxx/CVE-2018-14260.json +++ b/2018/14xxx/CVE-2018-14260.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-720", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-720" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-720", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-720" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17226.json b/2018/17xxx/CVE-2018-17226.json index ce6a71b911e..b11e7594c2e 100644 --- a/2018/17xxx/CVE-2018-17226.json +++ b/2018/17xxx/CVE-2018-17226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17332.json b/2018/17xxx/CVE-2018-17332.json index e2d161d3b01..ecdbecc3bb7 100644 --- a/2018/17xxx/CVE-2018-17332.json +++ b/2018/17xxx/CVE-2018-17332.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/agambier/libsvg2/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/agambier/libsvg2/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/agambier/libsvg2/issues/2", + "refsource": "MISC", + "url": "https://github.com/agambier/libsvg2/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17592.json b/2018/17xxx/CVE-2018-17592.json index 967e8421aec..6beeda4b501 100644 --- a/2018/17xxx/CVE-2018-17592.json +++ b/2018/17xxx/CVE-2018-17592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17602.json b/2018/17xxx/CVE-2018-17602.json index c24c5735d01..4111295bd7d 100644 --- a/2018/17xxx/CVE-2018-17602.json +++ b/2018/17xxx/CVE-2018-17602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17602", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17602", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17644.json b/2018/17xxx/CVE-2018-17644.json index 41052d2f3c2..51ad3fcd6cc 100644 --- a/2018/17xxx/CVE-2018-17644.json +++ b/2018/17xxx/CVE-2018-17644.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6481." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1197/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1197/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6481." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1197/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1197/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20146.json b/2018/20xxx/CVE-2018-20146.json index 931e0f045ed..7e2ab71d1a0 100644 --- a/2018/20xxx/CVE-2018-20146.json +++ b/2018/20xxx/CVE-2018-20146.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf", - "refsource" : "MISC", - "url" : "https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf", + "refsource": "MISC", + "url": "https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20454.json b/2018/20xxx/CVE-2018-20454.json index 9d4771fb30b..9150621f058 100644 --- a/2018/20xxx/CVE-2018-20454.json +++ b/2018/20xxx/CVE-2018-20454.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/coolboy0816/audit/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/coolboy0816/audit/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/coolboy0816/audit/issues/1", + "refsource": "MISC", + "url": "https://github.com/coolboy0816/audit/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20690.json b/2018/20xxx/CVE-2018-20690.json index d382b222722..8af61c2151a 100644 --- a/2018/20xxx/CVE-2018-20690.json +++ b/2018/20xxx/CVE-2018-20690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9029.json b/2018/9xxx/CVE-2018-9029.json index 655b119ed09..478a0a50aa4 100644 --- a/2018/9xxx/CVE-2018-9029.json +++ b/2018/9xxx/CVE-2018-9029.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2018-06-14T00:00:00", - "ID" : "CVE-2018-9029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CA Privileged Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.x" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2018-06-14T00:00:00", + "ID": "CVE-2018-9029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CA Privileged Access Manager", + "version": { + "version_data": [ + { + "version_value": "2.x" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" - }, - { - "name" : "104496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104496" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9456.json b/2018/9xxx/CVE-2018-9456.json index 0483f0b2e60..6d212216520 100644 --- a/2018/9xxx/CVE-2018-9456.json +++ b/2018/9xxx/CVE-2018-9456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9502.json b/2018/9xxx/CVE-2018-9502.json index b3aa4dc12ab..2c0e6db78fb 100644 --- a/2018/9xxx/CVE-2018-9502.json +++ b/2018/9xxx/CVE-2018-9502.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-9502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-9502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf,", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf," - }, - { - "name" : "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" - }, - { - "name" : "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85,", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85," - }, - { - "name" : "https://source.android.com/security/bulletin/2018-10-01,", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-10-01," - }, - { - "name" : "105482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf,", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf," + }, + { + "name": "105482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105482" + }, + { + "name": "https://source.android.com/security/bulletin/2018-10-01,", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-10-01," + }, + { + "name": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" + }, + { + "name": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85,", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85," + } + ] + } +} \ No newline at end of file