From de32569473997577c027ec5202663bd8ed1d6a24 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:27:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1395.json | 180 ++++++++++---------- 2003/0xxx/CVE-2003-0382.json | 140 +++++++-------- 2003/0xxx/CVE-2003-0586.json | 120 ++++++------- 2003/0xxx/CVE-2003-0620.json | 140 +++++++-------- 2003/0xxx/CVE-2003-0647.json | 130 +++++++------- 2003/1xxx/CVE-2003-1531.json | 170 +++++++++---------- 2004/0xxx/CVE-2004-0076.json | 34 ++-- 2004/0xxx/CVE-2004-0147.json | 34 ++-- 2004/0xxx/CVE-2004-0482.json | 210 +++++++++++------------ 2004/2xxx/CVE-2004-2008.json | 160 +++++++++--------- 2004/2xxx/CVE-2004-2461.json | 160 +++++++++--------- 2004/2xxx/CVE-2004-2719.json | 150 ++++++++--------- 2008/2xxx/CVE-2008-2104.json | 180 ++++++++++---------- 2008/2xxx/CVE-2008-2105.json | 210 +++++++++++------------ 2008/2xxx/CVE-2008-2510.json | 140 +++++++-------- 2008/2xxx/CVE-2008-2699.json | 140 +++++++-------- 2008/2xxx/CVE-2008-2868.json | 170 +++++++++---------- 2012/0xxx/CVE-2012-0723.json | 190 ++++++++++----------- 2012/0xxx/CVE-2012-0770.json | 170 +++++++++---------- 2012/0xxx/CVE-2012-0981.json | 140 +++++++-------- 2012/1xxx/CVE-2012-1163.json | 170 +++++++++---------- 2012/1xxx/CVE-2012-1674.json | 150 ++++++++--------- 2012/1xxx/CVE-2012-1719.json | 300 ++++++++++++++++----------------- 2012/5xxx/CVE-2012-5168.json | 200 +++++++++++----------- 2012/5xxx/CVE-2012-5453.json | 150 ++++++++--------- 2012/5xxx/CVE-2012-5489.json | 160 +++++++++--------- 2017/11xxx/CVE-2017-11284.json | 140 +++++++-------- 2017/11xxx/CVE-2017-11876.json | 152 ++++++++--------- 2017/3xxx/CVE-2017-3108.json | 142 ++++++++-------- 2017/3xxx/CVE-2017-3110.json | 142 ++++++++-------- 2017/3xxx/CVE-2017-3150.json | 138 +++++++-------- 2017/3xxx/CVE-2017-3196.json | 150 ++++++++--------- 2017/3xxx/CVE-2017-3269.json | 146 ++++++++-------- 2017/3xxx/CVE-2017-3462.json | 188 ++++++++++----------- 2017/7xxx/CVE-2017-7071.json | 130 +++++++------- 2017/7xxx/CVE-2017-7104.json | 190 ++++++++++----------- 2017/7xxx/CVE-2017-7215.json | 170 +++++++++---------- 2017/7xxx/CVE-2017-7563.json | 120 ++++++------- 2017/8xxx/CVE-2017-8277.json | 130 +++++++------- 2017/8xxx/CVE-2017-8351.json | 140 +++++++-------- 2017/8xxx/CVE-2017-8379.json | 170 +++++++++---------- 2017/8xxx/CVE-2017-8678.json | 152 ++++++++--------- 2017/8xxx/CVE-2017-8933.json | 130 +++++++------- 2018/10xxx/CVE-2018-10007.json | 34 ++-- 2018/10xxx/CVE-2018-10763.json | 130 +++++++------- 2018/10xxx/CVE-2018-10797.json | 34 ++-- 2018/10xxx/CVE-2018-10852.json | 170 +++++++++---------- 2018/10xxx/CVE-2018-10899.json | 34 ++-- 2018/13xxx/CVE-2018-13155.json | 120 ++++++------- 2018/13xxx/CVE-2018-13288.json | 34 ++-- 2018/13xxx/CVE-2018-13655.json | 130 +++++++------- 2018/13xxx/CVE-2018-13971.json | 34 ++-- 2018/17xxx/CVE-2018-17239.json | 34 ++-- 2018/17xxx/CVE-2018-17285.json | 34 ++-- 2018/17xxx/CVE-2018-17625.json | 130 +++++++------- 2018/9xxx/CVE-2018-9632.json | 34 ++-- 2018/9xxx/CVE-2018-9714.json | 34 ++-- 57 files changed, 3807 insertions(+), 3807 deletions(-) diff --git a/2002/1xxx/CVE-2002-1395.json b/2002/1xxx/CVE-2002-1395.json index aabe8150b33..88116e2c351 100644 --- a/2002/1xxx/CVE-2002-1395.json +++ b/2002/1xxx/CVE-2002-1395.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-202", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-202" - }, - { - "name" : "RHSA-2003:039", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-039.html" - }, - { - "name" : "6307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6307" - }, - { - "name" : "8166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8166" - }, - { - "name" : "8242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8242" - }, - { - "name" : "im-impwagent-insecure-directory(10766)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10766.php" - }, - { - "name" : "im-immknmz-symlink(10767)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10767.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-202", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-202" + }, + { + "name": "im-impwagent-insecure-directory(10766)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10766.php" + }, + { + "name": "6307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6307" + }, + { + "name": "8242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8242" + }, + { + "name": "8166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8166" + }, + { + "name": "im-immknmz-symlink(10767)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10767.php" + }, + { + "name": "RHSA-2003:039", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-039.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0382.json b/2003/0xxx/CVE-2003-0382.json index b44fce41ec0..6839325d90a 100644 --- a/2003/0xxx/CVE-2003-0382.json +++ b/2003/0xxx/CVE-2003-0382.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030509 BAZARR CODE NINER PINK TEAM GO GO GO", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105427580626001&w=2" - }, - { - "name" : "DSA-309", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-309" - }, - { - "name" : "7708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-309", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-309" + }, + { + "name": "20030509 BAZARR CODE NINER PINK TEAM GO GO GO", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105427580626001&w=2" + }, + { + "name": "7708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7708" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0586.json b/2003/0xxx/CVE-2003-0586.json index 8bf4b1572a5..e6c9058a929 100644 --- a/2003/0xxx/CVE-2003-0586.json +++ b/2003/0xxx/CVE-2003-0586.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030717 eStore SQL Injection Vulnerability & Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105845898003616&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0620.json b/2003/0xxx/CVE-2003-0620.json index 5018568d9af..77d46506420 100644 --- a/2003/0xxx/CVE-2003-0620.json +++ b/2003/0xxx/CVE-2003-0620.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030729 man-db[] multiple(4) vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105951284512898&w=2" - }, - { - "name" : "20030730 Re: man-db[] multiple(4) vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105960276803617&w=2" - }, - { - "name" : "DSA-364", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030729 man-db[] multiple(4) vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2" + }, + { + "name": "20030730 Re: man-db[] multiple(4) vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2" + }, + { + "name": "DSA-364", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-364" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0647.json b/2003/0xxx/CVE-2003-0647.json index 50153ba22b2..3032b5a9192 100644 --- a/2003/0xxx/CVE-2003-0647.json +++ b/2003/0xxx/CVE-2003-0647.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml" - }, - { - "name" : "VU#579324", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/579324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml" + }, + { + "name": "VU#579324", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/579324" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1531.json b/2003/1xxx/CVE-2003-1531.json index 616778dcfee..bc2d17d261a 100644 --- a/2003/1xxx/CVE-2003-1531.json +++ b/2003/1xxx/CVE-2003-1531.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104878375423320&w=2" - }, - { - "name" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR", - "refsource" : "MISC", - "url" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR" - }, - { - "name" : "7214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7214" - }, - { - "name" : "1006391", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006391" - }, - { - "name" : "8456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8456" - }, - { - "name" : "ceilidh-textcgi-xss(11638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security-corporation.com/index.php?id=advisories&a=013-FR", + "refsource": "MISC", + "url": "http://www.security-corporation.com/index.php?id=advisories&a=013-FR" + }, + { + "name": "20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104878375423320&w=2" + }, + { + "name": "7214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7214" + }, + { + "name": "8456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8456" + }, + { + "name": "ceilidh-textcgi-xss(11638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11638" + }, + { + "name": "1006391", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006391" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0076.json b/2004/0xxx/CVE-2004-0076.json index 3a119eae98d..8871ed66017 100644 --- a/2004/0xxx/CVE-2004-0076.json +++ b/2004/0xxx/CVE-2004-0076.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0076", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was removed from consideration by its Candidate Numbering Authority. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0076", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was removed from consideration by its Candidate Numbering Authority. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0147.json b/2004/0xxx/CVE-2004-0147.json index 72d6eb992e9..bb0a4571db0 100644 --- a/2004/0xxx/CVE-2004-0147.json +++ b/2004/0xxx/CVE-2004-0147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0147", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0147", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0482.json b/2004/0xxx/CVE-2004-0482.json index 32bee803e9e..cbf206c9997 100644 --- a/2004/0xxx/CVE-2004-0482.json +++ b/2004/0xxx/CVE-2004-0482.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 OpenBSD procfs", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=108481812926420&w=2" - }, - { - "name" : "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt", - "refsource" : "MISC", - "url" : "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt" - }, - { - "name" : "[openbsd-security-announce] 20040513 procfs vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openbsd-security-announce&m=108445767103004&w=2" - }, - { - "name" : "20040513 [3.4] 020: SECURITY FIX: May 13, 2004", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata34.html" - }, - { - "name" : "20040513 [3.5] 006: SECURITY FIX: May 13, 2004", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata35.html" - }, - { - "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch" - }, - { - "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch" - }, - { - "name" : "6114", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6114" - }, - { - "name" : "11605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11605" - }, - { - "name" : "openbsd-procfs-gain-privileges(16226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openbsd-procfs-gain-privileges(16226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16226" + }, + { + "name": "20040517 OpenBSD procfs", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=108481812926420&w=2" + }, + { + "name": "20040513 [3.5] 006: SECURITY FIX: May 13, 2004", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata35.html" + }, + { + "name": "20040513 [3.4] 020: SECURITY FIX: May 13, 2004", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata34.html" + }, + { + "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch" + }, + { + "name": "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt", + "refsource": "MISC", + "url": "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt" + }, + { + "name": "6114", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6114" + }, + { + "name": "11605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11605" + }, + { + "name": "[openbsd-security-announce] 20040513 procfs vulnerability", + "refsource": "MLIST", + "url": "http://marc.info/?l=openbsd-security-announce&m=108445767103004&w=2" + }, + { + "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2008.json b/2004/2xxx/CVE-2004-2008.json index 17d4f65a5fd..50c8fd94023 100644 --- a/2004/2xxx/CVE-2004-2008.json +++ b/2004/2xxx/CVE-2004-2008.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040508 [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108404714232579&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=28", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=28" - }, - { - "name" : "10306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10306" - }, - { - "name" : "11579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11579" - }, - { - "name" : "nukejokes-sql-injection(16099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nukejokes-sql-injection(16099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16099" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=28", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=28" + }, + { + "name": "20040508 [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108404714232579&w=2" + }, + { + "name": "11579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11579" + }, + { + "name": "10306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10306" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2461.json b/2004/2xxx/CVE-2004-2461.json index 475bfbd9964..544ded12164 100644 --- a/2004/2xxx/CVE-2004-2461.json +++ b/2004/2xxx/CVE-2004-2461.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gnubiff.sourceforge.net/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://gnubiff.sourceforge.net/changelog.php" - }, - { - "name" : "11123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11123" - }, - { - "name" : "9731", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9731" - }, - { - "name" : "12445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12445" - }, - { - "name" : "gnubiff-pop3-dos(17282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11123" + }, + { + "name": "http://gnubiff.sourceforge.net/changelog.php", + "refsource": "CONFIRM", + "url": "http://gnubiff.sourceforge.net/changelog.php" + }, + { + "name": "12445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12445" + }, + { + "name": "gnubiff-pop3-dos(17282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17282" + }, + { + "name": "9731", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9731" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2719.json b/2004/2xxx/CVE-2004-2719.json index cee9677ee7a..26bc64ff352 100644 --- a/2004/2xxx/CVE-2004-2719.json +++ b/2004/2xxx/CVE-2004-2719.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "164", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/164" - }, - { - "name" : "9954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9954" - }, - { - "name" : "11231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11231" - }, - { - "name" : "foxmail-punylib-bo(15640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "foxmail-punylib-bo(15640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15640" + }, + { + "name": "9954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9954" + }, + { + "name": "164", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/164" + }, + { + "name": "11231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11231" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2104.json b/2008/2xxx/CVE-2008-2104.json index d320dae76fd..f849be18127 100644 --- a/2008/2xxx/CVE-2008-2104.json +++ b/2008/2xxx/CVE-2008-2104.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/2.20.5/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/2.20.5/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=415471", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=415471" - }, - { - "name" : "29038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29038" - }, - { - "name" : "ADV-2008-1428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1428/references" - }, - { - "name" : "1019968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019968" - }, - { - "name" : "30064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30064" - }, - { - "name" : "bugzilla-xmlrpc-security-bypass(42218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29038" + }, + { + "name": "1019968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019968" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471" + }, + { + "name": "30064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30064" + }, + { + "name": "bugzilla-xmlrpc-security-bypass(42218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218" + }, + { + "name": "http://www.bugzilla.org/security/2.20.5/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.20.5/" + }, + { + "name": "ADV-2008-1428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1428/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2105.json b/2008/2xxx/CVE-2008-2105.json index ddaa1c3a4ed..cf5abe3eead 100644 --- a/2008/2xxx/CVE-2008-2105.json +++ b/2008/2xxx/CVE-2008-2105.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/2.20.5/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/2.20.5/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419188", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419188" - }, - { - "name" : "FEDORA-2008-3442", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html" - }, - { - "name" : "FEDORA-2008-3488", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html" - }, - { - "name" : "29038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29038" - }, - { - "name" : "ADV-2008-1428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1428/references" - }, - { - "name" : "1019969", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019969" - }, - { - "name" : "30064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30064" - }, - { - "name" : "30167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30167" - }, - { - "name" : "bugzilla-emailin-security-bypass(42235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019969", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019969" + }, + { + "name": "29038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29038" + }, + { + "name": "30167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30167" + }, + { + "name": "FEDORA-2008-3442", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html" + }, + { + "name": "bugzilla-emailin-security-bypass(42235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42235" + }, + { + "name": "FEDORA-2008-3488", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=419188", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=419188" + }, + { + "name": "30064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30064" + }, + { + "name": "http://www.bugzilla.org/security/2.20.5/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.20.5/" + }, + { + "name": "ADV-2008-1428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1428/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2510.json b/2008/2xxx/CVE-2008-2510.json index 23e2fc1c176..95381c017a4 100644 --- a/2008/2xxx/CVE-2008-2510.json +++ b/2008/2xxx/CVE-2008-2510.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080524 vuln in WordPress plugin Upload File(UP)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492555/100/0/threaded" - }, - { - "name" : "29352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29352" - }, - { - "name" : "uploadfile-wpuploadfile-sql-injection(42659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29352" + }, + { + "name": "20080524 vuln in WordPress plugin Upload File(UP)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492555/100/0/threaded" + }, + { + "name": "uploadfile-wpuploadfile-sql-injection(42659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42659" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2699.json b/2008/2xxx/CVE-2008-2699.json index 55beb04457f..2cc6c1b9872 100644 --- a/2008/2xxx/CVE-2008-2699.json +++ b/2008/2xxx/CVE-2008-2699.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5758", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5758" - }, - { - "name" : "29595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29595" - }, - { - "name" : "galatolo-index-file-include(42923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5758", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5758" + }, + { + "name": "29595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29595" + }, + { + "name": "galatolo-index-file-include(42923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42923" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2868.json b/2008/2xxx/CVE-2008-2868.json index e832766934e..2e23a4576fd 100644 --- a/2008/2xxx/CVE-2008-2868.json +++ b/2008/2xxx/CVE-2008-2868.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5927", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5927" - }, - { - "name" : "29919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29919" - }, - { - "name" : "ADV-2008-1924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1924" - }, - { - "name" : "1020358", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020358" - }, - { - "name" : "30774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30774" - }, - { - "name" : "ducalendar-detail-sql-injection(43325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ducalendar-detail-sql-injection(43325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43325" + }, + { + "name": "29919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29919" + }, + { + "name": "30774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30774" + }, + { + "name": "1020358", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020358" + }, + { + "name": "ADV-2008-1924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1924" + }, + { + "name": "5927", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5927" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0723.json b/2012/0xxx/CVE-2012-0723.json index 8b398c6fe1d..59eab071196 100644 --- a/2012/0xxx/CVE-2012-0723.json +++ b/2012/0xxx/CVE-2012-0723.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc" - }, - { - "name" : "IV22693", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22693" - }, - { - "name" : "IV22694", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22694" - }, - { - "name" : "IV22695", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22695" - }, - { - "name" : "IV22696", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22696" - }, - { - "name" : "IV22697", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22697" - }, - { - "name" : "1027315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027315" - }, - { - "name" : "aix-dupmsg-dos(74134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV22696", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22696" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc" + }, + { + "name": "IV22694", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22694" + }, + { + "name": "IV22697", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22697" + }, + { + "name": "aix-dupmsg-dos(74134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134" + }, + { + "name": "1027315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027315" + }, + { + "name": "IV22695", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22695" + }, + { + "name": "IV22693", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22693" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0770.json b/2012/0xxx/CVE-2012-0770.json index 43aeba06ea7..84e97d6d331 100644 --- a/2012/0xxx/CVE-2012-0770.json +++ b/2012/0xxx/CVE-2012-0770.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-06.html" - }, - { - "name" : "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html" - }, - { - "name" : "80008", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80008" - }, - { - "name" : "1026830", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026830" - }, - { - "name" : "48393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48393" - }, - { - "name" : "adobe-coldfusion-hash-dos(73955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026830", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026830" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-06.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-06.html" + }, + { + "name": "80008", + "refsource": "OSVDB", + "url": "http://osvdb.org/80008" + }, + { + "name": "48393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48393" + }, + { + "name": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html" + }, + { + "name": "adobe-coldfusion-hash-dos(73955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0981.json b/2012/0xxx/CVE-2012-0981.json index 847d072331d..ca7ffe2f190 100644 --- a/2012/0xxx/CVE-2012-0981.json +++ b/2012/0xxx/CVE-2012-0981.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18435", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18435" - }, - { - "name" : "47802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47802" - }, - { - "name" : "phpshowtime-index-directory-traversal(72824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47802" + }, + { + "name": "18435", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18435" + }, + { + "name": "phpshowtime-index-directory-traversal(72824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72824" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1163.json b/2012/1xxx/CVE-2012-1163.json index 12c59390ae9..392a92d0543 100644 --- a/2012/1xxx/CVE-2012-1163.json +++ b/2012/1xxx/CVE-2012-1163.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", - "refsource" : "MLIST", - "url" : "http://nih.at/listarchive/libzip-discuss/msg00252.html" - }, - { - "name" : "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/21/2" - }, - { - "name" : "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/29/11" - }, - { - "name" : "http://www.nih.at/libzip/NEWS.html", - "refsource" : "CONFIRM", - "url" : "http://www.nih.at/libzip/NEWS.html" - }, - { - "name" : "GLSA-201203-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml" - }, - { - "name" : "MDVSA-2012:034", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", + "refsource": "MLIST", + "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html" + }, + { + "name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2" + }, + { + "name": "MDVSA-2012:034", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034" + }, + { + "name": "http://www.nih.at/libzip/NEWS.html", + "refsource": "CONFIRM", + "url": "http://www.nih.at/libzip/NEWS.html" + }, + { + "name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11" + }, + { + "name": "GLSA-201203-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1674.json b/2012/1xxx/CVE-2012-1674.json index bb72142e5f5..45958b45cf5 100644 --- a/2012/1xxx/CVE-2012-1674.json +++ b/2012/1xxx/CVE-2012-1674.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than CVE-2012-0582." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026952" - }, - { - "name" : "48885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than CVE-2012-0582." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48885" + }, + { + "name": "1026952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026952" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1719.json b/2012/1xxx/CVE-2012-1719.json index b128b6e11f4..3216c9c46e5 100644 --- a/2012/1xxx/CVE-2012-1719.json +++ b/2012/1xxx/CVE-2012-1719.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21615246", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21615246" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" - }, - { - "name" : "SSRT100919", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" - }, - { - "name" : "MDVSA-2012:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095" - }, - { - "name" : "RHSA-2012:1243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1243.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2012:0734", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html" - }, - { - "name" : "SUSE-SU-2012:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" - }, - { - "name" : "SUSE-SU-2012:1177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html" - }, - { - "name" : "SUSE-SU-2012:1265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" - }, - { - "name" : "SUSE-SU-2012:1204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html" - }, - { - "name" : "53950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53950" - }, - { - "name" : "oval:org.mitre.oval:def:16312", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16312" - }, - { - "name" : "50659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50659" - }, - { - "name" : "51080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "SUSE-SU-2012:1177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html" + }, + { + "name": "SUSE-SU-2012:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" + }, + { + "name": "RHSA-2012:0734", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" + }, + { + "name": "RHSA-2012:1243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1243.html" + }, + { + "name": "53950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53950" + }, + { + "name": "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html" + }, + { + "name": "50659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50659" + }, + { + "name": "SSRT100919", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2" + }, + { + "name": "SUSE-SU-2012:1204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "oval:org.mitre.oval:def:16312", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16312" + }, + { + "name": "MDVSA-2012:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21615246", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21615246" + }, + { + "name": "51080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51080" + }, + { + "name": "HPSBUX02805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5168.json b/2012/5xxx/CVE-2012-5168.json index 8b043b54286..2357ec2fa83 100644 --- a/2012/5xxx/CVE-2012-5168.json +++ b/2012/5xxx/CVE-2012-5168.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121017 Multiple vulnerabilities in AContent", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23117", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23117" - }, - { - "name" : "http://update.atutor.ca/acontent/patch/1_2/", - "refsource" : "CONFIRM", - "url" : "http://update.atutor.ca/acontent/patch/1_2/" - }, - { - "name" : "56100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56100" - }, - { - "name" : "86428", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86428" - }, - { - "name" : "51014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51014" - }, - { - "name" : "51034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51034" - }, - { - "name" : "acontent-indexinlineeditorsubmit-sec-bypass(79462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79462" - }, - { - "name" : "acontent-pwd-field-security-bypass(79461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51014" + }, + { + "name": "86428", + "refsource": "OSVDB", + "url": "http://osvdb.org/86428" + }, + { + "name": "56100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56100" + }, + { + "name": "20121017 Multiple vulnerabilities in AContent", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html" + }, + { + "name": "http://update.atutor.ca/acontent/patch/1_2/", + "refsource": "CONFIRM", + "url": "http://update.atutor.ca/acontent/patch/1_2/" + }, + { + "name": "acontent-pwd-field-security-bypass(79461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79461" + }, + { + "name": "acontent-indexinlineeditorsubmit-sec-bypass(79462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79462" + }, + { + "name": "51034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51034" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23117", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23117" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5453.json b/2012/5xxx/CVE-2012-5453.json index 1bda56f7925..3ae1424ed65 100644 --- a/2012/5xxx/CVE-2012-5453.json +++ b/2012/5xxx/CVE-2012-5453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23117", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23117" - }, - { - "name" : "56237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56237" - }, - { - "name" : "86424", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86424" - }, - { - "name" : "51034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56237" + }, + { + "name": "51034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51034" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23117", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23117" + }, + { + "name": "86424", + "refsource": "OSVDB", + "url": "http://osvdb.org/86424" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5489.json b/2012/5xxx/CVE-2012-5489.json index 54b62e0a7fe..309d28ac515 100644 --- a/2012/5xxx/CVE-2012-5489.json +++ b/2012/5xxx/CVE-2012-5489.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://bugs.launchpad.net/zope2/+bug/1079238", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/zope2/+bug/1079238" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/05", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/05" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/05", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/05" + }, + { + "name": "https://bugs.launchpad.net/zope2/+bug/1079238", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/zope2/+bug/1079238" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11284.json b/2017/11xxx/CVE-2017-11284.json index d8e99ad7005..d86ff1a1e64 100644 --- a/2017/11xxx/CVE-2017-11284.json +++ b/2017/11xxx/CVE-2017-11284.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Vulnerable 3rd Party Library" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" - }, - { - "name" : "100708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100708" - }, - { - "name" : "1039321", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Vulnerable 3rd Party Library" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" + }, + { + "name": "1039321", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039321" + }, + { + "name": "100708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100708" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11876.json b/2017/11xxx/CVE-2017-11876.json index eac30bd3c97..b6c4754e490 100644 --- a/2017/11xxx/CVE-2017-11876.json +++ b/2017/11xxx/CVE-2017-11876.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Server", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka \"Microsoft Project Server Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Server", + "version": { + "version_data": [ + { + "version_value": "Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876" - }, - { - "name" : "101754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101754" - }, - { - "name" : "1039788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039788" - }, - { - "name" : "1039789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka \"Microsoft Project Server Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039789" + }, + { + "name": "1039788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039788" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876" + }, + { + "name": "101754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101754" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3108.json b/2017/3xxx/CVE-2017-3108.json index 27dbc120353..0fcd3e2d76c 100644 --- a/2017/3xxx/CVE-2017-3108.json +++ b/2017/3xxx/CVE-2017-3108.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Experience Manager", - "version" : { - "version_data" : [ - { - "version_value" : "AEM 6.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Malicious file execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_value": "AEM 6.2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html" - }, - { - "name" : "100195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100195" - }, - { - "name" : "1039099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Malicious file execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100195" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html" + }, + { + "name": "1039099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039099" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3110.json b/2017/3xxx/CVE-2017-3110.json index f449201cca0..9c64a1b9924 100644 --- a/2017/3xxx/CVE-2017-3110.json +++ b/2017/3xxx/CVE-2017-3110.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Experience Manager", - "version" : { - "version_data" : [ - { - "version_value" : "AEM 6.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sensitive Data Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_value": "AEM 6.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html" - }, - { - "name" : "100192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100192" - }, - { - "name" : "1039099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Data Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100192" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html" + }, + { + "name": "1039099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039099" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3150.json b/2017/3xxx/CVE-2017-3150.json index af49c34f147..7c1337252ed 100644 --- a/2017/3xxx/CVE-2017-3150.json +++ b/2017/3xxx/CVE-2017-3150.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-05-07T00:00:00", - "ID" : "CVE-2017-3150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Atlas", - "version" : { - "version_data" : [ - { - "version_value" : "0.6.0-incubating" - }, - { - "version_value" : "0.7.0-incubating" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of insecure cookies" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-05-07T00:00:00", + "ID": "CVE-2017-3150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Atlas", + "version": { + "version_data": [ + { + "version_value": "0.6.0-incubating" + }, + { + "version_value": "0.7.0-incubating" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E" - }, - { - "name" : "100536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of insecure cookies" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E" + }, + { + "name": "100536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100536" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3196.json b/2017/3xxx/CVE-2017-3196.json index 1f50ed549e4..f536dab6d46 100644 --- a/2017/3xxx/CVE-2017-3196.json +++ b/2017/3xxx/CVE-2017-3196.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASUS PCE-AC56 WLAN Card Utilities", - "version" : { - "version_data" : [ - { - "version_value" : "Unknown" - } - ] - } - } - ] - }, - "vendor_name" : "Printing Communications Assoc., Inc. (PCAUSA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASUS PCE-AC56 WLAN Card Utilities", + "version": { + "version_data": [ + { + "version_value": "Unknown" + } + ] + } + } + ] + }, + "vendor_name": "Printing Communications Assoc., Inc. (PCAUSA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.rewolf.pl/blog/?p=1778", - "refsource" : "MISC", - "url" : "http://blog.rewolf.pl/blog/?p=1778" - }, - { - "name" : "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/", - "refsource" : "MISC", - "url" : "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/" - }, - { - "name" : "VU#600671", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/600671" - }, - { - "name" : "96993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96993/discuss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.rewolf.pl/blog/?p=1778", + "refsource": "MISC", + "url": "http://blog.rewolf.pl/blog/?p=1778" + }, + { + "name": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/", + "refsource": "MISC", + "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/" + }, + { + "name": "VU#600671", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/600671" + }, + { + "name": "96993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96993/discuss" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3269.json b/2017/3xxx/CVE-2017-3269.json index a2a92b986e5..eb13e530300 100644 --- a/2017/3xxx/CVE-2017-3269.json +++ b/2017/3xxx/CVE-2017-3269.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95524" - }, - { - "name" : "1037631", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037631", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037631" + }, + { + "name": "95524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95524" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3462.json b/2017/3xxx/CVE-2017-3462.json index 5a90b962a1e..ee508819e85 100644 --- a/2017/3xxx/CVE-2017-3462.json +++ b/2017/3xxx/CVE-2017-3462.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.54 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.6.35 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.54 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.6.35 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3834", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3834" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "97851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97851" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97851" + }, + { + "name": "DSA-3834", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3834" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7071.json b/2017/7xxx/CVE-2017-7071.json index f878edefc74..5423f442dd7 100644 --- a/2017/7xxx/CVE-2017-7071.json +++ b/2017/7xxx/CVE-2017-7071.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "100613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100613" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7104.json b/2017/7xxx/CVE-2017-7104.json index 221e49ec8e7..89224b9d676 100644 --- a/2017/7xxx/CVE-2017-7104.json +++ b/2017/7xxx/CVE-2017-7104.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100994" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100994" + }, + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7215.json b/2017/7xxx/CVE-2017-7215.json index 3e05ad2696a..3148bbd7e39 100644 --- a/2017/7xxx/CVE-2017-7215.json +++ b/2017/7xxx/CVE-2017-7215.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortiguard.com/advisory/FG-VD-17-021", - "refsource" : "MISC", - "url" : "http://www.fortiguard.com/advisory/FG-VD-17-021" - }, - { - "name" : "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f", - "refsource" : "CONFIRM", - "url" : "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f" - }, - { - "name" : "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996", - "refsource" : "CONFIRM", - "url" : "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996" - }, - { - "name" : "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html", - "refsource" : "CONFIRM", - "url" : "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html" - }, - { - "name" : "https://www.misp.software/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "https://www.misp.software/Changelog.txt" - }, - { - "name" : "96997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96997" + }, + { + "name": "https://www.misp.software/Changelog.txt", + "refsource": "CONFIRM", + "url": "https://www.misp.software/Changelog.txt" + }, + { + "name": "http://www.fortiguard.com/advisory/FG-VD-17-021", + "refsource": "MISC", + "url": "http://www.fortiguard.com/advisory/FG-VD-17-021" + }, + { + "name": "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html", + "refsource": "CONFIRM", + "url": "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html" + }, + { + "name": "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f", + "refsource": "CONFIRM", + "url": "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f" + }, + { + "name": "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996", + "refsource": "CONFIRM", + "url": "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7563.json b/2017/7xxx/CVE-2017-7563.json index bf34f677fe6..edc2a5cac15 100644 --- a/2017/7xxx/CVE-2017-7563.json +++ b/2017/7xxx/CVE-2017-7563.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3", - "refsource" : "CONFIRM", - "url" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3", + "refsource": "CONFIRM", + "url": "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8277.json b/2017/8xxx/CVE-2017-8277.json index 6cf6daeee25..f58e276f933 100644 --- a/2017/8xxx/CVE-2017-8277.json +++ b/2017/8xxx/CVE-2017-8277.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8351.json b/2017/8xxx/CVE-2017-8351.json index a47267a0239..81f53bb926c 100644 --- a/2017/8xxx/CVE-2017-8351.json +++ b/2017/8xxx/CVE-2017-8351.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/448", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/448" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "98371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98371" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/448", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/448" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8379.json b/2017/8xxx/CVE-2017-8379.json index 68ed0acedf5..c60b305b607 100644 --- a/2017/8xxx/CVE-2017-8379.json +++ b/2017/8xxx/CVE-2017-8379.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/03/2" - }, - { - "name" : "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "GLSA-201706-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-03" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "98277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html" + }, + { + "name": "GLSA-201706-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-03" + }, + { + "name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/03/2" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2408" + }, + { + "name": "98277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98277" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8678.json b/2017/8xxx/CVE-2017-8678.json index 413e4fba385..e5e4f059754 100644 --- a/2017/8xxx/CVE-2017-8678.json +++ b/2017/8xxx/CVE-2017-8678.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42750", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42750/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678" - }, - { - "name" : "100769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100769" - }, - { - "name" : "1039325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42750", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42750/" + }, + { + "name": "100769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100769" + }, + { + "name": "1039325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039325" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8933.json b/2017/8xxx/CVE-2017-8933.json index 7757c7fd8fb..02a4d989ace 100644 --- a/2017/8xxx/CVE-2017-8933.json +++ b/2017/8xxx/CVE-2017-8933.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/862570", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/862570" - }, - { - "name" : "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce", - "refsource" : "CONFIRM", - "url" : "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/862570", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/862570" + }, + { + "name": "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce", + "refsource": "CONFIRM", + "url": "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10007.json b/2018/10xxx/CVE-2018-10007.json index 74ced1ae664..90bd8ed8beb 100644 --- a/2018/10xxx/CVE-2018-10007.json +++ b/2018/10xxx/CVE-2018-10007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10007", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10007", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10763.json b/2018/10xxx/CVE-2018-10763.json index 15f1f95480c..bce6b9d2ca2 100644 --- a/2018/10xxx/CVE-2018-10763.json +++ b/2018/10xxx/CVE-2018-10763.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45386", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45386/" - }, - { - "name" : "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45386", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45386/" + }, + { + "name": "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10797.json b/2018/10xxx/CVE-2018-10797.json index 6d9728cba89..ac07ed02f90 100644 --- a/2018/10xxx/CVE-2018-10797.json +++ b/2018/10xxx/CVE-2018-10797.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10797", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10797", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10852.json b/2018/10xxx/CVE-2018-10852.json index 604a09d836c..9772229279a 100644 --- a/2018/10xxx/CVE-2018-10852.json +++ b/2018/10xxx/CVE-2018-10852.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-10852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "sssd", - "version" : { - "version_data" : [ - { - "version_value" : "SSSD 1.16.3" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sssd", + "version": { + "version_data": [ + { + "version_value": "SSSD 1.16.3" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852" - }, - { - "name" : "RHSA-2018:3158", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3158" - }, - { - "name" : "104547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852" + }, + { + "name": "RHSA-2018:3158", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3158" + }, + { + "name": "104547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104547" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10899.json b/2018/10xxx/CVE-2018-10899.json index 2cca223309a..22a64f1681b 100644 --- a/2018/10xxx/CVE-2018-10899.json +++ b/2018/10xxx/CVE-2018-10899.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10899", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10899", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13155.json b/2018/13xxx/CVE-2018-13155.json index c22453ed0c3..aa5865c0dc9 100644 --- a/2018/13xxx/CVE-2018-13155.json +++ b/2018/13xxx/CVE-2018-13155.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13288.json b/2018/13xxx/CVE-2018-13288.json index 90926b98fdb..eeab100e580 100644 --- a/2018/13xxx/CVE-2018-13288.json +++ b/2018/13xxx/CVE-2018-13288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13655.json b/2018/13xxx/CVE-2018-13655.json index 52634e3881d..171eaf61399 100644 --- a/2018/13xxx/CVE-2018-13655.json +++ b/2018/13xxx/CVE-2018-13655.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13971.json b/2018/13xxx/CVE-2018-13971.json index 2bc5443d950..5ad00554901 100644 --- a/2018/13xxx/CVE-2018-13971.json +++ b/2018/13xxx/CVE-2018-13971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17239.json b/2018/17xxx/CVE-2018-17239.json index bab9ba3ab14..74ce1cd6345 100644 --- a/2018/17xxx/CVE-2018-17239.json +++ b/2018/17xxx/CVE-2018-17239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17285.json b/2018/17xxx/CVE-2018-17285.json index 1790e83283b..c10bed18e9d 100644 --- a/2018/17xxx/CVE-2018-17285.json +++ b/2018/17xxx/CVE-2018-17285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17625.json b/2018/17xxx/CVE-2018-17625.json index f0ea4976f8c..51aa9776043 100644 --- a/2018/17xxx/CVE-2018-17625.json +++ b/2018/17xxx/CVE-2018-17625.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9632.json b/2018/9xxx/CVE-2018-9632.json index 85c06a563da..a77dddc9598 100644 --- a/2018/9xxx/CVE-2018-9632.json +++ b/2018/9xxx/CVE-2018-9632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9714.json b/2018/9xxx/CVE-2018-9714.json index eeeab572b42..b08497612c8 100644 --- a/2018/9xxx/CVE-2018-9714.json +++ b/2018/9xxx/CVE-2018-9714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file