From dfa746bd7747987bf7825974eeb442e223f1fad8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:04:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1265.json | 190 +++++++++--------- 2002/1xxx/CVE-2002-1602.json | 150 +++++++------- 2002/1xxx/CVE-2002-1825.json | 170 ++++++++-------- 2003/0xxx/CVE-2003-0252.json | 300 ++++++++++++++-------------- 2003/0xxx/CVE-2003-0447.json | 150 +++++++------- 2003/0xxx/CVE-2003-0704.json | 160 +++++++-------- 2003/0xxx/CVE-2003-0971.json | 280 +++++++++++++-------------- 2003/1xxx/CVE-2003-1308.json | 130 ++++++------- 2003/1xxx/CVE-2003-1348.json | 150 +++++++------- 2004/0xxx/CVE-2004-0319.json | 140 +++++++------- 2004/0xxx/CVE-2004-0953.json | 150 +++++++------- 2004/2xxx/CVE-2004-2096.json | 160 +++++++-------- 2004/2xxx/CVE-2004-2538.json | 170 ++++++++-------- 2004/2xxx/CVE-2004-2592.json | 190 +++++++++--------- 2008/2xxx/CVE-2008-2308.json | 180 ++++++++--------- 2008/2xxx/CVE-2008-2494.json | 140 +++++++------- 2008/2xxx/CVE-2008-2548.json | 170 ++++++++-------- 2012/0xxx/CVE-2012-0150.json | 140 +++++++------- 2012/0xxx/CVE-2012-0175.json | 140 +++++++------- 2012/0xxx/CVE-2012-0953.json | 34 ++-- 2012/1xxx/CVE-2012-1073.json | 150 +++++++------- 2012/1xxx/CVE-2012-1251.json | 160 +++++++-------- 2012/1xxx/CVE-2012-1281.json | 34 ++-- 2012/1xxx/CVE-2012-1300.json | 34 ++-- 2012/5xxx/CVE-2012-5553.json | 160 +++++++-------- 2012/5xxx/CVE-2012-5810.json | 130 ++++++------- 2012/5xxx/CVE-2012-5897.json | 170 ++++++++-------- 2017/3xxx/CVE-2017-3094.json | 140 +++++++------- 2017/3xxx/CVE-2017-3383.json | 166 ++++++++-------- 2017/3xxx/CVE-2017-3596.json | 166 ++++++++-------- 2017/6xxx/CVE-2017-6820.json | 180 ++++++++--------- 2017/7xxx/CVE-2017-7278.json | 120 ++++++------ 2017/7xxx/CVE-2017-7498.json | 34 ++-- 2017/8xxx/CVE-2017-8164.json | 344 ++++++++++++++++----------------- 2018/10xxx/CVE-2018-10350.json | 130 ++++++------- 2018/10xxx/CVE-2018-10353.json | 130 ++++++------- 2018/10xxx/CVE-2018-10710.json | 130 ++++++------- 2018/12xxx/CVE-2018-12303.json | 34 ++-- 2018/13xxx/CVE-2018-13048.json | 34 ++-- 2018/13xxx/CVE-2018-13425.json | 34 ++-- 2018/17xxx/CVE-2018-17238.json | 34 ++-- 2018/17xxx/CVE-2018-17368.json | 120 ++++++------ 2018/17xxx/CVE-2018-17987.json | 120 ++++++------ 2018/17xxx/CVE-2018-17989.json | 34 ++-- 2018/9xxx/CVE-2018-9221.json | 34 ++-- 2018/9xxx/CVE-2018-9582.json | 132 ++++++------- 2018/9xxx/CVE-2018-9762.json | 34 ++-- 47 files changed, 3141 insertions(+), 3141 deletions(-) diff --git a/2002/1xxx/CVE-2002-1265.json b/2002/1xxx/CVE-2002-1265.json index e0c7b7c0b63..6aa486f9f47 100644 --- a/2002/1xxx/CVE-2002-1265.json +++ b/2002/1xxx/CVE-2002-1265.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#266817", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/266817" - }, - { - "name" : "HPSBUX01020", - "refsource" : "HP", - "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1" - }, - { - "name" : "20021103-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P" - }, - { - "name" : "51082", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082" - }, - { - "name" : "http://www.info.apple.com/usen/security/security_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.info.apple.com/usen/security/security_updates.html" - }, - { - "name" : "6103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6103" - }, - { - "name" : "oval:org.mitre.oval:def:2248", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2248" - }, - { - "name" : "sun-rpc-libc-dos(10539)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10539.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.info.apple.com/usen/security/security_updates.html", + "refsource": "CONFIRM", + "url": "http://www.info.apple.com/usen/security/security_updates.html" + }, + { + "name": "oval:org.mitre.oval:def:2248", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2248" + }, + { + "name": "HPSBUX01020", + "refsource": "HP", + "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1" + }, + { + "name": "sun-rpc-libc-dos(10539)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10539.php" + }, + { + "name": "6103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6103" + }, + { + "name": "51082", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082" + }, + { + "name": "20021103-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P" + }, + { + "name": "VU#266817", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/266817" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1602.json b/2002/1xxx/CVE-2002-1602.json index 0e0ca4d0211..304d452ccae 100644 --- a/2002/1xxx/CVE-2002-1602.json +++ b/2002/1xxx/CVE-2002-1602.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020420 ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/268998" - }, - { - "name" : "VU#524227", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/524227" - }, - { - "name" : "4578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4578" - }, - { - "name" : "screen-braille-module-bo(8929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4578" + }, + { + "name": "20020420 ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/268998" + }, + { + "name": "screen-braille-module-bo(8929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8929" + }, + { + "name": "VU#524227", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/524227" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1825.json b/2002/1xxx/CVE-2002-1825.json index 3977204c616..89586117719 100644 --- a/2002/1xxx/CVE-2002-1825.json +++ b/2002/1xxx/CVE-2002-1825.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020926 remote SYSTEM compromise in WASD OpenVMS http server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/293229" - }, - { - "name" : "http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt", - "refsource" : "MISC", - "url" : "http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt" - }, - { - "name" : "http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt", - "refsource" : "CONFIRM", - "url" : "http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt" - }, - { - "name" : "5811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5811" - }, - { - "name" : "21288", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21288" - }, - { - "name" : "wasd-http-perlrte-format-string(10213)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10213.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020926 remote SYSTEM compromise in WASD OpenVMS http server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/293229" + }, + { + "name": "http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt", + "refsource": "MISC", + "url": "http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt" + }, + { + "name": "5811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5811" + }, + { + "name": "wasd-http-perlrte-format-string(10213)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10213.php" + }, + { + "name": "http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt", + "refsource": "CONFIRM", + "url": "http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt" + }, + { + "name": "21288", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21288" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0252.json b/2003/0xxx/CVE-2003-0252.json index 85919bba8db..d65c28dba2d 100644 --- a/2003/0xxx/CVE-2003-0252.json +++ b/2003/0xxx/CVE-2003-0252.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030714 Linux nfs-utils xlog() off-by-one bug", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html" - }, - { - "name" : "20030714 Linux nfs-utils xlog() off-by-one bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105820223707191&w=2" - }, - { - "name" : "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt", - "refsource" : "MISC", - "url" : "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt" - }, - { - "name" : "20030714 Reality of the rpc.mountd bug", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html" - }, - { - "name" : "DSA-349", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-349" - }, - { - "name" : "RHSA-2003:206", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-206.html" - }, - { - "name" : "RHSA-2003:207", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-207.html" - }, - { - "name" : "1001262", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1" - }, - { - "name" : "SuSE-SA:2003:031", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html" - }, - { - "name" : "MDKSA-2003:076", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:076" - }, - { - "name" : "TLSA-2003-44", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-44.txt" - }, - { - "name" : "20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105830921519513&w=2" - }, - { - "name" : "20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105839032403325&w=2" - }, - { - "name" : "VU#258564", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/258564" - }, - { - "name" : "8179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8179" - }, - { - "name" : "oval:org.mitre.oval:def:443", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443" - }, - { - "name" : "1007187", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007187" - }, - { - "name" : "9259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9259" - }, - { - "name" : "nfs-utils-offbyone-bo(12600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1001262", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1" + }, + { + "name": "RHSA-2003:206", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-206.html" + }, + { + "name": "8179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8179" + }, + { + "name": "20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105839032403325&w=2" + }, + { + "name": "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt", + "refsource": "MISC", + "url": "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt" + }, + { + "name": "TLSA-2003-44", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-44.txt" + }, + { + "name": "RHSA-2003:207", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-207.html" + }, + { + "name": "20030714 Linux nfs-utils xlog() off-by-one bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105820223707191&w=2" + }, + { + "name": "1007187", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007187" + }, + { + "name": "20030714 Reality of the rpc.mountd bug", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html" + }, + { + "name": "MDKSA-2003:076", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:076" + }, + { + "name": "20030714 Linux nfs-utils xlog() off-by-one bug", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html" + }, + { + "name": "20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105830921519513&w=2" + }, + { + "name": "9259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9259" + }, + { + "name": "nfs-utils-offbyone-bo(12600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12600" + }, + { + "name": "oval:org.mitre.oval:def:443", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443" + }, + { + "name": "VU#258564", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/258564" + }, + { + "name": "SuSE-SA:2003:031", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html" + }, + { + "name": "DSA-349", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-349" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0447.json b/2003/0xxx/CVE-2003-0447.json index 7210ac40bb0..0876310640a 100644 --- a/2003/0xxx/CVE-2003-0447.json +++ b/2003/0xxx/CVE-2003-0447.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a \"javascript:\" link to be generated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html" - }, - { - "name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105585933614773&w=2" - }, - { - "name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105585142406147&w=2" - }, - { - "name" : "http://security.greymagic.com/adv/gm014-ie/", - "refsource" : "MISC", - "url" : "http://security.greymagic.com/adv/gm014-ie/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a \"javascript:\" link to be generated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html" + }, + { + "name": "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105585933614773&w=2" + }, + { + "name": "http://security.greymagic.com/adv/gm014-ie/", + "refsource": "MISC", + "url": "http://security.greymagic.com/adv/gm014-ie/" + }, + { + "name": "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105585142406147&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0704.json b/2003/0xxx/CVE-2003-0704.json index 32e69b5b09c..8df44de73bd 100644 --- a/2003/0xxx/CVE-2003-0704.json +++ b/2003/0xxx/CVE-2003-0704.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a \"similar technique\" for (6) viha_prep.sh and (7) viha_unprep.sh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A082203-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a082203-1.txt" - }, - { - "name" : "8497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8497" - }, - { - "name" : "kismac-setuid-modify-ownership(13009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13009" - }, - { - "name" : "kismac-viha-gain-privileges(13010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13010" - }, - { - "name" : "kismac-driverkext-modify-ownership(13006)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a \"similar technique\" for (6) viha_prep.sh and (7) viha_unprep.sh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kismac-setuid-modify-ownership(13009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13009" + }, + { + "name": "kismac-viha-gain-privileges(13010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13010" + }, + { + "name": "8497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8497" + }, + { + "name": "kismac-driverkext-modify-ownership(13006)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13006" + }, + { + "name": "A082203-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a082203-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0971.json b/2003/0xxx/CVE-2003-0971.json index 69bed0e8e79..7bdc63c6fd3 100644 --- a/2003/0xxx/CVE-2003-0971.json +++ b/2003/0xxx/CVE-2003-0971.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031127 GnuPG's ElGamal signing keys compromised", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106995769213221&w=2" - }, - { - "name" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html", - "refsource" : "CONFIRM", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html" - }, - { - "name" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html", - "refsource" : "CONFIRM", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html" - }, - { - "name" : "MDKSA-2003:109", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109" - }, - { - "name" : "CLA-2003:798", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "SuSE-SA:2003:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_048_gpg.html" - }, - { - "name" : "RHSA-2003:390", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-390.html" - }, - { - "name" : "RHSA-2003:395", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-395.html" - }, - { - "name" : "DSA-429", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-429" - }, - { - "name" : "VU#940388", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/940388" - }, - { - "name" : "9115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9115" - }, - { - "name" : "oval:org.mitre.oval:def:10982", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982" - }, - { - "name" : "10304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10304" - }, - { - "name" : "10349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10349" - }, - { - "name" : "10399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10399" - }, - { - "name" : "10400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:395", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-395.html" + }, + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "SuSE-SA:2003:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_048_gpg.html" + }, + { + "name": "VU#940388", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/940388" + }, + { + "name": "10349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10349" + }, + { + "name": "20031127 GnuPG's ElGamal signing keys compromised", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106995769213221&w=2" + }, + { + "name": "DSA-429", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-429" + }, + { + "name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html", + "refsource": "CONFIRM", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html" + }, + { + "name": "9115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9115" + }, + { + "name": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html", + "refsource": "CONFIRM", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html" + }, + { + "name": "RHSA-2003:390", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-390.html" + }, + { + "name": "oval:org.mitre.oval:def:10982", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982" + }, + { + "name": "10399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10399" + }, + { + "name": "10304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10304" + }, + { + "name": "MDKSA-2003:109", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109" + }, + { + "name": "CLA-2003:798", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798" + }, + { + "name": "10400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10400" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1308.json b/2003/1xxx/CVE-2003-1308.json index 5b6cc8c3757..725317da02d 100644 --- a/2003/1xxx/CVE-2003-1308.json +++ b/2003/1xxx/CVE-2003-1308.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fvwm.org/news/", - "refsource" : "CONFIRM", - "url" : "http://www.fvwm.org/news/" - }, - { - "name" : "9161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9161" + }, + { + "name": "http://www.fvwm.org/news/", + "refsource": "CONFIRM", + "url": "http://www.fvwm.org/news/" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1348.json b/2003/1xxx/CVE-2003-1348.json index c2200089768..bcfb8221071 100644 --- a/2003/1xxx/CVE-2003-1348.json +++ b/2003/1xxx/CVE-2003-1348.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030125 ftls.org Guestbook 1.1 Script Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/308312" - }, - { - "name" : "6686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6686" - }, - { - "name" : "3227", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3227" - }, - { - "name" : "guestbook-multiple-field-xss(11155)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3227", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3227" + }, + { + "name": "6686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6686" + }, + { + "name": "guestbook-multiple-field-xss(11155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11155" + }, + { + "name": "20030125 ftls.org Guestbook 1.1 Script Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/308312" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0319.json b/2004/0xxx/CVE-2004-0319.json index 08de7dd0658..2545b90fc9d 100644 --- a/2004/0xxx/CVE-2004-0319.json +++ b/2004/0xxx/CVE-2004-0319.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040223 ezBoard Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107756639427140&w=2" - }, - { - "name" : "ezboard-font-xss(15287)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15287" - }, - { - "name" : "9725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9725" + }, + { + "name": "20040223 ezBoard Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107756639427140&w=2" + }, + { + "name": "ezboard-font-xss(15287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15287" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0953.json b/2004/0xxx/CVE-2004-0953.json index b52feb5c537..fc0571e3aed 100644 --- a/2004/0xxx/CVE-2004-0953.json +++ b/2004/0xxx/CVE-2004-0953.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110144303826709&w=2" - }, - { - "name" : "20041124 Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029346.html" - }, - { - "name" : "11741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11741" - }, - { - "name" : "jabberd2-c2s-bo(18238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041124 Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110144303826709&w=2" + }, + { + "name": "11741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11741" + }, + { + "name": "20041124 Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029346.html" + }, + { + "name": "jabberd2-c2s-bo(18238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18238" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2096.json b/2004/2xxx/CVE-2004-2096.json index 973d5b741c3..17fac798472 100644 --- a/2004/2xxx/CVE-2004-2096.json +++ b/2004/2xxx/CVE-2004-2096.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040121 Mephistoles Httpd 0.6.0final XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107470433714179&w=2" - }, - { - "name" : "3689", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3689" - }, - { - "name" : "10693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10693" - }, - { - "name" : "mephistoles-httpd-xss(14899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14899" - }, - { - "name" : "9470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040121 Mephistoles Httpd 0.6.0final XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107470433714179&w=2" + }, + { + "name": "3689", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3689" + }, + { + "name": "9470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9470" + }, + { + "name": "mephistoles-httpd-xss(14899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14899" + }, + { + "name": "10693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10693" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2538.json b/2004/2xxx/CVE-2004-2538.json index 7425d4be931..7dce60c1531 100644 --- a/2004/2xxx/CVE-2004-2538.json +++ b/2004/2xxx/CVE-2004-2538.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt", - "refsource" : "CONFIRM", - "url" : "http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt" - }, - { - "name" : "11524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11524" - }, - { - "name" : "11102", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11102" - }, - { - "name" : "1011911", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011911" - }, - { - "name" : "12853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12853" - }, - { - "name" : "phpcodegenie-header-footer-command-execution(17848)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt", + "refsource": "CONFIRM", + "url": "http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt" + }, + { + "name": "1011911", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011911" + }, + { + "name": "11102", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11102" + }, + { + "name": "12853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12853" + }, + { + "name": "phpcodegenie-header-footer-command-execution(17848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17848" + }, + { + "name": "11524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11524" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2592.json b/2004/2xxx/CVE-2004-2592.json index af81381932f..bfe146e2c42 100644 --- a/2004/2xxx/CVE-2004-2592.json +++ b/2004/2xxx/CVE-2004-2592.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041027 Multiple Vulnerabilites in Quake II Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html" - }, - { - "name" : "http://secur1ty.net/advisories/001", - "refsource" : "MISC", - "url" : "http://secur1ty.net/advisories/001" - }, - { - "name" : "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/", - "refsource" : "CONFIRM", - "url" : "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/" - }, - { - "name" : "11551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11551" - }, - { - "name" : "11181", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11181" - }, - { - "name" : "1011979", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011979" - }, - { - "name" : "13013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13013" - }, - { - "name" : "quake-configstrings-baselines-dos(17890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/", + "refsource": "CONFIRM", + "url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/" + }, + { + "name": "1011979", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011979" + }, + { + "name": "11551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11551" + }, + { + "name": "11181", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11181" + }, + { + "name": "quake-configstrings-baselines-dos(17890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890" + }, + { + "name": "13013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13013" + }, + { + "name": "http://secur1ty.net/advisories/001", + "refsource": "MISC", + "url": "http://secur1ty.net/advisories/001" + }, + { + "name": "20041027 Multiple Vulnerabilites in Quake II Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2308.json b/2008/2xxx/CVE-2008-2308.json index 113432f66f8..e5722128f9a 100644 --- a/2008/2xxx/CVE-2008-2308.json +++ b/2008/2xxx/CVE-2008-2308.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT2163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2163" - }, - { - "name" : "APPLE-SA-2008-06-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" - }, - { - "name" : "30018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30018" - }, - { - "name" : "ADV-2008-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1981/references" - }, - { - "name" : "1020390", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020390" - }, - { - "name" : "30802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30802" - }, - { - "name" : "macos-aliasmanager-code-execution(43474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT2163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2163" + }, + { + "name": "ADV-2008-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1981/references" + }, + { + "name": "macos-aliasmanager-code-execution(43474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43474" + }, + { + "name": "APPLE-SA-2008-06-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" + }, + { + "name": "1020390", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020390" + }, + { + "name": "30802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30802" + }, + { + "name": "30018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30018" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2494.json b/2008/2xxx/CVE-2008-2494.json index b82305bd87d..dcf9f28f4c5 100644 --- a/2008/2xxx/CVE-2008-2494.json +++ b/2008/2xxx/CVE-2008-2494.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080525 Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492593/100/0/threaded" - }, - { - "name" : "29367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29367" - }, - { - "name" : "zina-index-xss(42642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080525 Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492593/100/0/threaded" + }, + { + "name": "zina-index-xss(42642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42642" + }, + { + "name": "29367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29367" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2548.json b/2008/2xxx/CVE-2008-2548.json index 0a052c1f43c..7dc6e50227f 100644 --- a/2008/2xxx/CVE-2008-2548.json +++ b/2008/2xxx/CVE-2008-2548.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080527 ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492668/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-033/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-033/" - }, - { - "name" : "ADV-2008-1671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1671/references" - }, - { - "name" : "1020117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020117" - }, - { - "name" : "30409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30409" - }, - { - "name" : "razr-jpeg-bo(42656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30409" + }, + { + "name": "20080527 ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492668/100/0/threaded" + }, + { + "name": "1020117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020117" + }, + { + "name": "razr-jpeg-bo(42656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42656" + }, + { + "name": "ADV-2008-1671", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1671/references" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-033/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-033/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0150.json b/2012/0xxx/CVE-2012-0150.json index 5ada05e1cc2..d2130e7aa8f 100644 --- a/2012/0xxx/CVE-2012-0150.json +++ b/2012/0xxx/CVE-2012-0150.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka \"Msvcrt.dll Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-013" - }, - { - "name" : "TA12-045A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14631", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka \"Msvcrt.dll Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-045A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" + }, + { + "name": "MS12-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-013" + }, + { + "name": "oval:org.mitre.oval:def:14631", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14631" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0175.json b/2012/0xxx/CVE-2012-0175.json index 4c22051f555..6bb39b9975e 100644 --- a/2012/0xxx/CVE-2012-0175.json +++ b/2012/0xxx/CVE-2012-0175.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka \"Command Injection Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-048" - }, - { - "name" : "TA12-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14897", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka \"Command Injection Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" + }, + { + "name": "MS12-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-048" + }, + { + "name": "oval:org.mitre.oval:def:14897", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14897" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0953.json b/2012/0xxx/CVE-2012-0953.json index 4a227ac6e32..8a8edf93280 100644 --- a/2012/0xxx/CVE-2012-0953.json +++ b/2012/0xxx/CVE-2012-0953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1073.json b/2012/1xxx/CVE-2012-1073.json index 25cbd9206e3..53bea2be714 100644 --- a/2012/1xxx/CVE-2012-1073.json +++ b/2012/1xxx/CVE-2012-1073.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "51834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51834" - }, - { - "name" : "78784", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78784" - }, - { - "name" : "typo3-categorysystem-unspecified-xss(72957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "51834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51834" + }, + { + "name": "typo3-categorysystem-unspecified-xss(72957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957" + }, + { + "name": "78784", + "refsource": "OSVDB", + "url": "http://osvdb.org/78784" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1251.json b/2012/1xxx/CVE-2012-1251.json index 24931a0d447..52f10ff9642 100644 --- a/2012/1xxx/CVE-2012-1251.json +++ b/2012/1xxx/CVE-2012-1251.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-1251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/963/", - "refsource" : "MISC", - "url" : "http://www.opera.com/docs/changelogs/mac/963/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/963/", - "refsource" : "MISC", - "url" : "http://www.opera.com/docs/changelogs/unix/963/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/963/", - "refsource" : "MISC", - "url" : "http://www.opera.com/docs/changelogs/windows/963/" - }, - { - "name" : "JVN#39707339", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN39707339/index.html" - }, - { - "name" : "JVNDB-2012-000049", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/mac/963/", + "refsource": "MISC", + "url": "http://www.opera.com/docs/changelogs/mac/963/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/963/", + "refsource": "MISC", + "url": "http://www.opera.com/docs/changelogs/windows/963/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/963/", + "refsource": "MISC", + "url": "http://www.opera.com/docs/changelogs/unix/963/" + }, + { + "name": "JVN#39707339", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN39707339/index.html" + }, + { + "name": "JVNDB-2012-000049", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000049" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1281.json b/2012/1xxx/CVE-2012-1281.json index 04e669095ef..9b9042ddf71 100644 --- a/2012/1xxx/CVE-2012-1281.json +++ b/2012/1xxx/CVE-2012-1281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1300.json b/2012/1xxx/CVE-2012-1300.json index 46a90e38795..5a19377fa73 100644 --- a/2012/1xxx/CVE-2012-1300.json +++ b/2012/1xxx/CVE-2012-1300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5553.json b/2012/5xxx/CVE-2012-5553.json index 3e15ef7fba0..e1ecab3b6eb 100644 --- a/2012/5xxx/CVE-2012-5553.json +++ b/2012/5xxx/CVE-2012-5553.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the \"administer OM Maximenu\" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1834866", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1834866" - }, - { - "name" : "http://www.madirish.net/551", - "refsource" : "MISC", - "url" : "http://www.madirish.net/551" - }, - { - "name" : "http://drupal.org/node/1834046", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1834046" - }, - { - "name" : "http://drupal.org/node/1834048", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1834048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the \"administer OM Maximenu\" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1834048", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1834048" + }, + { + "name": "http://drupal.org/node/1834866", + "refsource": "MISC", + "url": "http://drupal.org/node/1834866" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + }, + { + "name": "http://www.madirish.net/551", + "refsource": "MISC", + "url": "http://www.madirish.net/551" + }, + { + "name": "http://drupal.org/node/1834046", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1834046" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5810.json b/2012/5xxx/CVE-2012-5810.json index a6b71466a53..be2d09c5b60 100644 --- a/2012/5xxx/CVE-2012-5810.json +++ b/2012/5xxx/CVE-2012-5810.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager. NOTE: this vulnerability was fixed in the summer of 2012, but the version number was not changed or is not known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew", - "refsource" : "MISC", - "url" : "https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager. NOTE: this vulnerability was fixed in the summer of 2012, but the version number was not changed or is not known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew", + "refsource": "MISC", + "url": "https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5897.json b/2012/5xxx/CVE-2012-5897.json index 1facdb85afb..e1d58e3c8e2 100644 --- a/2012/5xxx/CVE-2012-5897.json +++ b/2012/5xxx/CVE-2012-5897.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html" - }, - { - "name" : "18672", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18672" - }, - { - "name" : "52773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52773" - }, - { - "name" : "80664", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80664" - }, - { - "name" : "48566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48566" - }, - { - "name" : "intrust-ardoc-file-overwrite(74442)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52773" + }, + { + "name": "20120328 Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html" + }, + { + "name": "18672", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18672" + }, + { + "name": "80664", + "refsource": "OSVDB", + "url": "http://osvdb.org/80664" + }, + { + "name": "intrust-ardoc-file-overwrite(74442)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74442" + }, + { + "name": "48566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48566" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3094.json b/2017/3xxx/CVE-2017-3094.json index 5903deb00bd..66ca0b6cb2f 100644 --- a/2017/3xxx/CVE-2017-3094.json +++ b/2017/3xxx/CVE-2017-3094.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.4 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.4 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.4 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.4 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html" - }, - { - "name" : "99021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99021" - }, - { - "name" : "1038658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99021" + }, + { + "name": "1038658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038658" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3383.json b/2017/3xxx/CVE-2017-3383.json index 1f5657928ec..fd063c4f145 100644 --- a/2017/3xxx/CVE-2017-3383.json +++ b/2017/3xxx/CVE-2017-3383.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3596.json b/2017/3xxx/CVE-2017-3596.json index b5d680d788e..3cc51b5b905 100644 --- a/2017/3xxx/CVE-2017-3596.json +++ b/2017/3xxx/CVE-2017-3596.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97875" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97875" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6820.json b/2017/6xxx/CVE-2017-6820.json index 5e055719ca0..0c255dd72bb 100644 --- a/2017/6xxx/CVE-2017-6820.json +++ b/2017/6xxx/CVE-2017-6820.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/releases/tag/1.1.8", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/releases/tag/1.1.8" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/releases/tag/1.2.4", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/releases/tag/1.2.4" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124" - }, - { - "name" : "https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released", - "refsource" : "CONFIRM", - "url" : "https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released" - }, - { - "name" : "96817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124" + }, + { + "name": "https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released", + "refsource": "CONFIRM", + "url": "https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released" + }, + { + "name": "https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4" + }, + { + "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.8", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.8" + }, + { + "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.4", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.4" + }, + { + "name": "96817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96817" + }, + { + "name": "https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7278.json b/2017/7xxx/CVE-2017-7278.json index 3f7d2021317..bad9daeed4c 100644 --- a/2017/7xxx/CVE-2017-7278.json +++ b/2017/7xxx/CVE-2017-7278.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.aptus.se/sv/site/aptusse/support/sakerhetsuppdatering/", - "refsource" : "CONFIRM", - "url" : "https://www.aptus.se/sv/site/aptusse/support/sakerhetsuppdatering/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.aptus.se/sv/site/aptusse/support/sakerhetsuppdatering/", + "refsource": "CONFIRM", + "url": "https://www.aptus.se/sv/site/aptusse/support/sakerhetsuppdatering/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7498.json b/2017/7xxx/CVE-2017-7498.json index 1a1e2ebb2ee..9d8d29ff106 100644 --- a/2017/7xxx/CVE-2017-7498.json +++ b/2017/7xxx/CVE-2017-7498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7498", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8934. Reason: This candidate is a reservation duplicate of CVE-2017-8934. Notes: All CVE users should reference CVE-2017-8934 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7498", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8934. Reason: This candidate is a reservation duplicate of CVE-2017-8934. Notes: All CVE users should reference CVE-2017-8934 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8164.json b/2017/8xxx/CVE-2017-8164.json index d3f2bba8138..c279316c24c 100644 --- a/2017/8xxx/CVE-2017-8164.json +++ b/2017/8xxx/CVE-2017-8164.json @@ -1,174 +1,174 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-29T00:00:00", - "ID" : "CVE-2017-8164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EVA-AL10; EVA-CL00; EVA-DL00; EVA-L09; EVA-L19; EVA-L29; EVA-TL00; VIE-L09; VIE-L29", - "version" : { - "version_data" : [ - { - "version_value" : "EVA-L09C34B142" - }, - { - "version_value" : "EVA-L09C40B196" - }, - { - "version_value" : "EVA-L09C432B210" - }, - { - "version_value" : "EVA-L09C440B138" - }, - { - "version_value" : "EVA-L09C464B150" - }, - { - "version_value" : "EVA-L09C530B127" - }, - { - "version_value" : "EVA-L09C55B190" - }, - { - "version_value" : "EVA-L09C576B150" - }, - { - "version_value" : "EVA-L09C635B221" - }, - { - "version_value" : "EVA-L09C636B193" - }, - { - "version_value" : "EVA-L09C675B130" - }, - { - "version_value" : "EVA-L09C688B143" - }, - { - "version_value" : "EVA-L09C703B160" - }, - { - "version_value" : "EVA-L09C706B145" - }, - { - "version_value" : "EVA-L09GBRC555B171" - }, - { - "version_value" : "EVA-L09IRLC368B160" - }, - { - "version_value" : "EVA-L19C10B190" - }, - { - "version_value" : "EVA-L19C185B220" - }, - { - "version_value" : "EVA-L19C20B160" - }, - { - "version_value" : "EVA-L19C432B210" - }, - { - "version_value" : "EVA-L19C636B190" - }, - { - "version_value" : "EVA-L29C20B160" - }, - { - "version_value" : "EVA-L29C636B191" - }, - { - "version_value" : "EVA-TL00C01B198" - }, - { - "version_value" : "VIE-L09C02B131" - }, - { - "version_value" : "VIE-L09C109B181" - }, - { - "version_value" : "VIE-L09C113B170" - }, - { - "version_value" : "VIE-L09C150B170" - }, - { - "version_value" : "VIE-L09C25B120" - }, - { - "version_value" : "VIE-L09C40B181" - }, - { - "version_value" : "VIE-L09C432B181" - }, - { - "version_value" : "VIE-L09C55B170" - }, - { - "version_value" : "VIE-L09C605B131" - }, - { - "version_value" : "VIE-L09ITAC555B130" - }, - { - "version_value" : "VIE-L29C10B170" - }, - { - "version_value" : "VIE-L29C185B181" - }, - { - "version_value" : "VIE-L29C605B131" - }, - { - "version_value" : "VIE-L29C636B202" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-29T00:00:00", + "ID": "CVE-2017-8164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EVA-AL10; EVA-CL00; EVA-DL00; EVA-L09; EVA-L19; EVA-L29; EVA-TL00; VIE-L09; VIE-L29", + "version": { + "version_data": [ + { + "version_value": "EVA-L09C34B142" + }, + { + "version_value": "EVA-L09C40B196" + }, + { + "version_value": "EVA-L09C432B210" + }, + { + "version_value": "EVA-L09C440B138" + }, + { + "version_value": "EVA-L09C464B150" + }, + { + "version_value": "EVA-L09C530B127" + }, + { + "version_value": "EVA-L09C55B190" + }, + { + "version_value": "EVA-L09C576B150" + }, + { + "version_value": "EVA-L09C635B221" + }, + { + "version_value": "EVA-L09C636B193" + }, + { + "version_value": "EVA-L09C675B130" + }, + { + "version_value": "EVA-L09C688B143" + }, + { + "version_value": "EVA-L09C703B160" + }, + { + "version_value": "EVA-L09C706B145" + }, + { + "version_value": "EVA-L09GBRC555B171" + }, + { + "version_value": "EVA-L09IRLC368B160" + }, + { + "version_value": "EVA-L19C10B190" + }, + { + "version_value": "EVA-L19C185B220" + }, + { + "version_value": "EVA-L19C20B160" + }, + { + "version_value": "EVA-L19C432B210" + }, + { + "version_value": "EVA-L19C636B190" + }, + { + "version_value": "EVA-L29C20B160" + }, + { + "version_value": "EVA-L29C636B191" + }, + { + "version_value": "EVA-TL00C01B198" + }, + { + "version_value": "VIE-L09C02B131" + }, + { + "version_value": "VIE-L09C109B181" + }, + { + "version_value": "VIE-L09C113B170" + }, + { + "version_value": "VIE-L09C150B170" + }, + { + "version_value": "VIE-L09C25B120" + }, + { + "version_value": "VIE-L09C40B181" + }, + { + "version_value": "VIE-L09C432B181" + }, + { + "version_value": "VIE-L09C55B170" + }, + { + "version_value": "VIE-L09C605B131" + }, + { + "version_value": "VIE-L09ITAC555B130" + }, + { + "version_value": "VIE-L29C10B170" + }, + { + "version_value": "VIE-L29C185B181" + }, + { + "version_value": "VIE-L29C605B131" + }, + { + "version_value": "VIE-L29C636B202" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10350.json b/2018/10xxx/CVE-2018-10350.json index 262fd3bb251..258ab6bdc65 100644 --- a/2018/10xxx/CVE-2018-10350.json +++ b/2018/10xxx/CVE-2018-10350.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-10350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Smart Protection Server (Standalone)", - "version" : { - "version_data" : [ - { - "version_value" : "3.0, 3.1, 3.2, 3.3" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection RCE" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-10350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Smart Protection Server (Standalone)", + "version": { + "version_data": [ + { + "version_value": "3.0, 3.1, 3.2, 3.3" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-421/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-421/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119715", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\\_bwlists\\_handler.php. Authentication is required in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-421/" + }, + { + "name": "https://success.trendmicro.com/solution/1119715", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119715" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10353.json b/2018/10xxx/CVE-2018-10353.json index b6d00877e5e..c1aff6f7866 100644 --- a/2018/10xxx/CVE-2018-10353.json +++ b/2018/10xxx/CVE-2018-10353.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-10353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Email Encryption Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-10353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Email Encryption Gateway", + "version": { + "version_data": [ + { + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-419/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-419/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119349", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1119349", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119349" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-419/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-419/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10710.json b/2018/10xxx/CVE-2018-10710.json index 69f6578eb84..96126afa7a5 100644 --- a/2018/10xxx/CVE-2018-10710.json +++ b/2018/10xxx/CVE-2018-10710.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45716", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45716/" - }, - { - "name" : "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities", + "refsource": "MISC", + "url": "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities" + }, + { + "name": "45716", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45716/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12303.json b/2018/12xxx/CVE-2018-12303.json index 3f378f8ed12..e6841bec2a3 100644 --- a/2018/12xxx/CVE-2018-12303.json +++ b/2018/12xxx/CVE-2018-12303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13048.json b/2018/13xxx/CVE-2018-13048.json index cdd5f25cdc3..73a9f4279e4 100644 --- a/2018/13xxx/CVE-2018-13048.json +++ b/2018/13xxx/CVE-2018-13048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13048", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13048", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13425.json b/2018/13xxx/CVE-2018-13425.json index 8e7418d33ea..a9ab2ab1a0b 100644 --- a/2018/13xxx/CVE-2018-13425.json +++ b/2018/13xxx/CVE-2018-13425.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13425", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13425", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17238.json b/2018/17xxx/CVE-2018-17238.json index fb4f78e4d37..1d695eb7d2c 100644 --- a/2018/17xxx/CVE-2018-17238.json +++ b/2018/17xxx/CVE-2018-17238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17368.json b/2018/17xxx/CVE-2018-17368.json index 257a59260d3..0eea76c6158 100644 --- a/2018/17xxx/CVE-2018-17368.json +++ b/2018/17xxx/CVE-2018-17368.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sanluan/PublicCMS/issues/18", - "refsource" : "MISC", - "url" : "https://github.com/sanluan/PublicCMS/issues/18" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sanluan/PublicCMS/issues/18", + "refsource": "MISC", + "url": "https://github.com/sanluan/PublicCMS/issues/18" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17987.json b/2018/17xxx/CVE-2018-17987.json index ca98a4d9cd2..f17e3c94d85 100644 --- a/2018/17xxx/CVE-2018-17987.json +++ b/2018/17xxx/CVE-2018-17987.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17987", - "refsource" : "MISC", - "url" : "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17987", + "refsource": "MISC", + "url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17987" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17989.json b/2018/17xxx/CVE-2018-17989.json index 75cf742a7c0..d5f9917c657 100644 --- a/2018/17xxx/CVE-2018-17989.json +++ b/2018/17xxx/CVE-2018-17989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9221.json b/2018/9xxx/CVE-2018-9221.json index f0e6f3d2da8..b85f0692104 100644 --- a/2018/9xxx/CVE-2018-9221.json +++ b/2018/9xxx/CVE-2018-9221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9582.json b/2018/9xxx/CVE-2018-9582.json index 6c2a7d35215..dfab55a042b 100644 --- a/2018/9xxx/CVE-2018-9582.json +++ b/2018/9xxx/CVE-2018-9582.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2019-01-01T00:00:00", - "ID" : "CVE-2018-9582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Android" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2019-01-01T00:00:00", + "ID": "CVE-2018-9582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Android" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2019-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2019-01-01.html" - }, - { - "name" : "106474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106474" + }, + { + "name": "https://source.android.com/security/bulletin/2019-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2019-01-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9762.json b/2018/9xxx/CVE-2018-9762.json index 7fbb5285950..c60f150f175 100644 --- a/2018/9xxx/CVE-2018-9762.json +++ b/2018/9xxx/CVE-2018-9762.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9762", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file