From e644a41ec55123e719e781b3e8d013a048e54ae0 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:14:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/1xxx/CVE-2002-1024.json | 150 ++++++------
 2002/1xxx/CVE-2002-1115.json | 160 ++++++-------
 2002/1xxx/CVE-2002-1140.json | 140 +++++------
 2002/1xxx/CVE-2002-1275.json | 150 ++++++------
 2002/1xxx/CVE-2002-1578.json | 140 +++++------
 2002/1xxx/CVE-2002-1840.json | 150 ++++++------
 2003/0xxx/CVE-2003-0082.json | 220 ++++++++---------
 2003/0xxx/CVE-2003-0198.json | 120 +++++-----
 2003/0xxx/CVE-2003-0203.json | 180 +++++++-------
 2003/0xxx/CVE-2003-0416.json | 140 +++++------
 2003/1xxx/CVE-2003-1018.json | 140 +++++------
 2004/2xxx/CVE-2004-2136.json | 140 +++++------
 2004/2xxx/CVE-2004-2512.json | 170 ++++++-------
 2004/2xxx/CVE-2004-2536.json | 180 +++++++-------
 2008/2xxx/CVE-2008-2952.json | 420 ++++++++++++++++-----------------
 2012/0xxx/CVE-2012-0079.json | 190 +++++++--------
 2012/0xxx/CVE-2012-0484.json | 220 ++++++++---------
 2012/1xxx/CVE-2012-1072.json | 150 ++++++------
 2012/1xxx/CVE-2012-1448.json | 140 +++++------
 2012/1xxx/CVE-2012-1614.json | 250 ++++++++++----------
 2012/4xxx/CVE-2012-4465.json | 180 +++++++-------
 2012/4xxx/CVE-2012-4491.json | 150 ++++++------
 2012/5xxx/CVE-2012-5325.json | 140 +++++------
 2017/3xxx/CVE-2017-3258.json | 242 +++++++++----------
 2017/3xxx/CVE-2017-3335.json | 166 ++++++-------
 2017/3xxx/CVE-2017-3990.json | 34 +--
 2017/6xxx/CVE-2017-6020.json | 142 +++++------
 2017/6xxx/CVE-2017-6652.json | 140 +++++------
 2017/7xxx/CVE-2017-7213.json | 120 +++++-----
 2017/7xxx/CVE-2017-7331.json | 34 +--
 2017/7xxx/CVE-2017-7355.json | 34 +--
 2017/7xxx/CVE-2017-7407.json | 150 ++++++------
 2017/7xxx/CVE-2017-7662.json | 130 +++++-----
 2017/7xxx/CVE-2017-7691.json | 130 +++++-----
 2017/8xxx/CVE-2017-8304.json | 120 +++++-----
 2017/8xxx/CVE-2017-8309.json | 160 ++++++-------
 2017/8xxx/CVE-2017-8440.json | 146 ++++++------
 2018/10xxx/CVE-2018-10126.json | 120 +++++-----
 2018/10xxx/CVE-2018-10306.json | 140 +++++------
 2018/10xxx/CVE-2018-10382.json | 130 +++++-----
 2018/13xxx/CVE-2018-13216.json | 130 +++++-----
 2018/13xxx/CVE-2018-13587.json | 130 +++++-----
 2018/17xxx/CVE-2018-17353.json | 34 +--
 2018/17xxx/CVE-2018-17466.json | 272 ++++++++++-----------
 2018/20xxx/CVE-2018-20082.json | 34 +--
 2018/20xxx/CVE-2018-20257.json | 34 +--
 2018/20xxx/CVE-2018-20744.json | 140 +++++------
 2018/20xxx/CVE-2018-20757.json | 120 +++++-----
 2018/9xxx/CVE-2018-9176.json | 34 +--
 2018/9xxx/CVE-2018-9342.json | 34 +--
 2018/9xxx/CVE-2018-9465.json | 132 +++++------
 51 files changed, 3626 insertions(+), 3626 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1024.json b/2002/1xxx/CVE-2002-1024.json
index cb80ab83434..74589040f53 100644
--- a/2002/1xxx/CVE-2002-1024.json
+++ b/2002/1xxx/CVE-2002-1024.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#290140", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/290140" - }, - { - "name" : "20020627 Scanning for SSH Can Cause a Crash", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/SSH-scanning.shtml" - }, - { - "name" : "cisco-ssh-scan-dos(9437)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9437.php" - }, - { - "name" : "5114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.0 through 12.2, when supporting 
SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5114" + }, + { + "name": "cisco-ssh-scan-dos(9437)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9437.php" + }, + { + "name": "VU#290140", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/290140" + }, + { + "name": "20020627 Scanning for SSH Can Cause a Crash", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/SSH-scanning.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1115.json b/2002/1xxx/CVE-2002-1115.json index d3189394214..6903e21a186 100644 --- a/2002/1xxx/CVE-2002-1115.json +++ b/2002/1xxx/CVE-2002-1115.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103013249211164&w=2" - }, - { - "name" : "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt", - "refsource" : "CONFIRM", - "url" : "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" - }, - { - "name" : "DSA-161", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-161" - }, - { - "name" : "5563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5563" - }, - { - "name" : "mantis-view-private-bugs(9954)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9954.php" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt", + "refsource": "CONFIRM", + "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" + }, + { + "name": "mantis-view-private-bugs(9954)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9954.php" + }, + { + "name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103013249211164&w=2" + }, + { + "name": "5563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5563" + }, + { + "name": "DSA-161", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-161" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1140.json b/2002/1xxx/CVE-2002-1140.json index 2fefdaf1edb..cf2639e23e4 100644 --- a/2002/1xxx/CVE-2002-1140.json +++ b/2002/1xxx/CVE-2002-1140.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka \"Improper parameter size check leading to denial of service.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057" - }, - { - "name" : "sfu-rpc-parameter-bo(10258)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10258.php" - }, - { - "name" : "5879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft 
Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka \"Improper parameter size check leading to denial of service.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sfu-rpc-parameter-bo(10258)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10258.php" + }, + { + "name": "MS02-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057" + }, + { + "name": "5879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5879" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1275.json b/2002/1xxx/CVE-2002-1275.json index 38d2603deef..f5c1a71c4de 100644 --- a/2002/1xxx/CVE-2002-1275.json +++ b/2002/1xxx/CVE-2002-1275.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via \"unsanitized input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SuSE-SA:2002:040", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_040_lprng_html2ps.html" - }, - { - "name" : "DSA-192", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-192" - }, - { - "name" : "lprng-html2ps-command-execution(10526)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10526.php" - }, - { - "name" : "6079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows 
remote attackers to execute arbitrary code via \"unsanitized input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SuSE-SA:2002:040", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_040_lprng_html2ps.html" + }, + { + "name": "6079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6079" + }, + { + "name": "DSA-192", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-192" + }, + { + "name": "lprng-html2ps-command-execution(10526)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10526.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1578.json b/2002/1xxx/CVE-2002-1578.json index 5e79125539b..c4e8a1e520c 100644 --- a/2002/1xxx/CVE-2002-1578.json +++ b/2002/1xxx/CVE-2002-1578.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020427 SAP R/3 on Oracle: vulnerable Default Installation ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0387.html" - }, - { - "name" : "sap-db-data-access(8972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8972" - }, - { - "name" : "4613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default installation of SAP R/3, when using Oracle and SQL*net V2 
3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sap-db-data-access(8972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8972" + }, + { + "refsource": "BUGTRAQ", + "name": "20020427 SAP R/3 on Oracle: vulnerable Default Installation", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0387.html" + }, + { + "name": "4613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4613" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1840.json b/2002/1xxx/CVE-2002-1840.json index 61fafbdbe29..dfb7044321d 100644 --- a/2002/1xxx/CVE-2002-1840.json +++ b/2002/1xxx/CVE-2002-1840.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020525 irssi backdoored.", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274132" - }, - { - "name" : "http://real.irssi.org/?page=backdoor", - "refsource" : "CONFIRM", - "url" : "http://real.irssi.org/?page=backdoor" - }, - { - "name" : "4831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4831" - }, - { - "name" : "irssi-backdoor-version(9176)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9176.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the 
configuration file, which allows remote attackers to access the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4831" + }, + { + "name": "http://real.irssi.org/?page=backdoor", + "refsource": "CONFIRM", + "url": "http://real.irssi.org/?page=backdoor" + }, + { + "name": "20020525 irssi backdoored.", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274132" + }, + { + "name": "irssi-backdoor-version(9176)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9176.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0082.json b/2003/0xxx/CVE-2003-0082.json index b92a8a2d403..f4ca9997e7a 100644 --- a/2003/0xxx/CVE-2003-0082.json +++ b/2003/0xxx/CVE-2003-0082.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded" - }, - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt" - }, - { - "name" : "DSA-266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-266" - }, - { - "name" : "RHSA-2003:051", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html" - }, - { - "name" : "RHSA-2003:052", - "refsource" 
: "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html" - }, - { - "name" : "RHSA-2003:091", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html" - }, - { - "name" : "54042", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1" - }, - { - "name" : "7185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7185" - }, - { - "name" : "oval:org.mitre.oval:def:244", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244" - }, - { - "name" : "oval:org.mitre.oval:def:2536", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536" - }, - { - "name" : "oval:org.mitre.oval:def:4430", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:052", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html" + }, + { + "name": "20030331 GLSA: krb5 & mit-krb5 (200303-28)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt" + }, + { + "name": "7185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7185" + }, + { + "name": "RHSA-2003:091", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html" + }, + { + "name": "oval:org.mitre.oval:def:4430", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430" + }, + { + "name": "oval:org.mitre.oval:def:244", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244" + }, + { + "name": "RHSA-2003:051", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html" + }, + { + "name": "DSA-266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-266" + }, + { + "name": "54042", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1" + }, + { + "name": "oval:org.mitre.oval:def:2536", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0198.json b/2003/0xxx/CVE-2003-0198.json index 3e6bfab2400..266b17f05ec 100644 --- a/2003/0xxx/CVE-2003-0198.json 
+++ b/2003/0xxx/CVE-2003-0198.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0203.json b/2003/0xxx/CVE-2003-0203.json index 4ff394ed33b..2a5781c9348 100644 --- a/2003/0xxx/CVE-2003-0203.json +++ b/2003/0xxx/CVE-2003-0203.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030223 moxftp arbitrary code execution poc/advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104610380126860&w=2" - }, - { - "name" : "20030223 moxftp arbitrary code execution poc/advisory", - "refsource" : "FULLDISC", - "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html" - }, - { - "name" : "DSA-281", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-281" - }, - { - "name" : "6921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6921" - }, - { - "name" : "1006156", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006156" - }, - { - "name" : "8136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8136" - }, - { - "name" : 
"moxftp-welcome-banner-bo(11399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8136" + }, + { + "name": "6921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6921" + }, + { + "name": "moxftp-welcome-banner-bo(11399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11399" + }, + { + "name": "20030223 moxftp arbitrary code execution poc/advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104610380126860&w=2" + }, + { + "name": "DSA-281", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-281" + }, + { + "name": "20030223 moxftp arbitrary code execution poc/advisory", + "refsource": "FULLDISC", + "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html" + }, + { + "name": "1006156", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006156" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0416.json b/2003/0xxx/CVE-2003-0416.json index f9cd2eb43f6..d83fa08463f 100644 --- a/2003/0xxx/CVE-2003-0416.json +++ b/2003/0xxx/CVE-2003-0416.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030528 Bandmin 1.4 XSS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105418152212771&w=2" - }, - { - "name" : "bandmin-index-xss(12108)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/12108.php" - }, - { - "name" : "7729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or 
script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030528 Bandmin 1.4 XSS Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105418152212771&w=2" + }, + { + "name": "7729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7729" + }, + { + "name": "bandmin-index-xss(12108)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/12108.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1018.json b/2003/1xxx/CVE-2003-1018.json index c869a0b8c26..37a543f378c 100644 --- a/2003/1xxx/CVE-2003-1018.json +++ b/2003/1xxx/CVE-2003-1018.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MSS-OAR-E01-20", - "refsource" : "IBM", - "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-20" - }, - { - "name" : "aix-enq-format-string(14037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14037" - }, - { - "name" : "9254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9254" + }, + { + "name": "MSS-OAR-E01-20", + "refsource": "IBM", + "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-20" + }, + { + "name": "aix-enq-format-string(14037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14037" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2136.json b/2004/2xxx/CVE-2004-2136.json index 996d2e7db45..60fe31ca43f 100644 --- a/2004/2xxx/CVE-2004-2136.json +++ b/2004/2xxx/CVE-2004-2136.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain \"IV computation\" weaknesses that allow watermarked files to be detected without decryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20040219 Re: Oopsing cryptoapi (or loop device?) 
on 2.6.*", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=107719798631935&w=2" - }, - { - "name" : "http://mareichelt.de/pub/notmine/diskenc.pdf", - "refsource" : "MISC", - "url" : "http://mareichelt.de/pub/notmine/diskenc.pdf" - }, - { - "name" : "http://www.securiteam.com/exploits/5UP0P1PFPM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5UP0P1PFPM.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain \"IV computation\" weaknesses that allow watermarked files to be detected without decryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mareichelt.de/pub/notmine/diskenc.pdf", + "refsource": "MISC", + "url": "http://mareichelt.de/pub/notmine/diskenc.pdf" + }, + { + "name": "http://www.securiteam.com/exploits/5UP0P1PFPM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5UP0P1PFPM.html" + }, + { + "name": "[linux-kernel] 20040219 Re: Oopsing cryptoapi (or loop device?) on 2.6.*", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=107719798631935&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2512.json b/2004/2xxx/CVE-2004-2512.json index 136e8877e04..33ffbb5d136 100644 --- a/2004/2xxx/CVE-2004-2512.json +++ b/2004/2xxx/CVE-2004-2512.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html" - }, - { - "name" : "11340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11340" - }, - { - "name" : "10591", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10591" - }, - { - "name" : "1011481", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011481" - }, - { - "name" : "12751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12751" - }, - { - "name" : "dcpportal-phpsessid-response-splitting(17640)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the PHPSESSID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10591", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10591" + }, + { + "name": "12751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12751" + }, + { + "name": "11340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11340" + }, + { + "name": "1011481", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011481" + }, + { + "name": "dcpportal-phpsessid-response-splitting(17640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17640" + }, + { + "name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2536.json b/2004/2xxx/CVE-2004-2536.json index e596dd0c3d2..5d6978d767d 100644 --- a/2004/2xxx/CVE-2004-2536.json +++ b/2004/2xxx/CVE-2004-2536.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040507 Bug in IO bitmap handling? Probably exploitable (2.6.5)", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html" - }, - { - "name" : "20040507 Re: Bug in IO bitmap handling? 
Probably exploitable (2.6.5)", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6" - }, - { - "name" : "10302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10302" - }, - { - "name" : "5997", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5997" - }, - { - "name" : "11577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11577" - }, - { - "name" : "linux-exitthread-gain-privileges(16106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6" + }, + { + "name": "linux-exitthread-gain-privileges(16106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16106" + }, + { + "name": "5997", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5997" + }, + { + "name": "10302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10302" + }, + { + "name": "20040507 Bug in IO bitmap handling? Probably exploitable (2.6.5)", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html" + }, + { + "name": "11577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11577" + }, + { + "name": "20040507 Re: Bug in IO bitmap handling? Probably exploitable (2.6.5)", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2952.json b/2008/2xxx/CVE-2008-2952.json index 57c56d25a20..c97fa71a60f 100644 --- a/2008/2xxx/CVE-2008-2952.json +++ b/2008/2xxx/CVE-2008-2952.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495320/100/0/threaded" - }, - { - "name" : "[oss-security] 20080713 Re: openldap DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/13/2" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-052/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-052/" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580" - }, - { - "name" : 
"[oss-security 20080701 Re: [oss-security] openldap DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/01/2" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0249", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0249" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2645", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2645" - }, - { - "name" : "APPLE-SA-2008-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" - }, - { - "name" : "DSA-1650", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1650" - }, - { - "name" : "FEDORA-2008-6029", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html" - }, - { - "name" : "FEDORA-2008-6062", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html" - }, - { - "name" : "GLSA-200808-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-09.xml" - }, - { - "name" : "MDVSA-2008:144", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:144" - }, - { - "name" : "RHSA-2008:0583", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0583.html" - }, - { - "name" : "SUSE-SR:2008:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html" - }, - { - "name" : "USN-634-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-634-1" - }, - { - "name" : "30013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30013" - }, - { - 
"name" : "oval:org.mitre.oval:def:10662", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662" - }, - { - "name" : "ADV-2008-1978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1978/references" - }, - { - "name" : "ADV-2008-2268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2268" - }, - { - "name" : "1020405", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020405" - }, - { - "name" : "30917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30917" - }, - { - "name" : "30853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30853" - }, - { - "name" : "31326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31326" - }, - { - "name" : "31364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31364" - }, - { - "name" : "31436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31436" - }, - { - "name" : "32254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32254" - }, - { - "name" : "32316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32316" - }, - { - "name" : "30996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30996" - }, - { - "name" : "openldap-bergetnext-dos(43515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0583", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0583.html" + }, + { + "name": "GLSA-200808-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-09.xml" + }, + { + "name": "31364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31364" + }, + { + "name": "oval:org.mitre.oval:def:10662", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662" + }, + { + "name": "30917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30917" + }, + { + "name": "APPLE-SA-2008-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" + }, + { + "name": "openldap-bergetnext-dos(43515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43515" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580" + }, + { + "name": "DSA-1650", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1650" + }, + { + "name": "30013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30013" + }, + { + "name": "[oss-security 20080701 Re: [oss-security] openldap DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/01/2" + }, + { + "name": "ADV-2008-2268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2268" + }, + { + "name": "20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/495320/100/0/threaded" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2645", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2645" + }, + { + "name": "30996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30996" + }, + { + "name": "31436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31436" + }, + { + "name": "SUSE-SR:2008:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html" + }, + { + "name": "MDVSA-2008:144", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:144" + }, + { + "name": "[oss-security] 20080713 Re: openldap DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/13/2" + }, + { + "name": "USN-634-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-634-1" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-052/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-052/" + }, + { + "name": "30853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30853" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0249", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0249" + }, + { + "name": "31326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31326" + }, + { + "name": "FEDORA-2008-6062", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html" + }, + { + "name": "32254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32254" + }, + { + "name": "1020405", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020405" + }, + { + "name": "ADV-2008-1978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1978/references" + }, + { + "name": 
"http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580" + }, + { + "name": "FEDORA-2008-6029", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html" + }, + { + "name": "32316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32316" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0079.json b/2012/0xxx/CVE-2012-0079.json index 8a3c45119d5..4ca190ff233 100644 --- a/2012/0xxx/CVE-2012-0079.json +++ b/2012/0xxx/CVE-2012-0079.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "51492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51492" - }, - { - "name" : "78412", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78412" - }, - { - "name" : "1026536", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026536" - }, - { - "name" : "46646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46646" - }, - { - "name" : "50084", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/50084" - }, - { - "name" : "sun-opensso-cve20120079(72501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026536", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026536" + }, + { + "name": "46646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46646" + }, + { + "name": "50084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50084" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + }, + { + "name": "51492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51492" + }, + { + "name": "78412", + "refsource": "OSVDB", + "url": "http://osvdb.org/78412" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "sun-opensso-cve20120079(72501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72501" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0484.json b/2012/0xxx/CVE-2012-0484.json index c72b1fd4422..81ae4dba5b6 100644 --- a/2012/0xxx/CVE-2012-0484.json +++ b/2012/0xxx/CVE-2012-0484.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687" - }, - { - "name" : "DSA-2429", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2429" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "SUSE-SU-2012:0984", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "51515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51515" - }, - { - "name" : "78372", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78372" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - }, - { - "name" : "48250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48250" - }, - { - "name" : "mysql-server-info-disc(72525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "51515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51515" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "48250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48250" + }, + { + "name": "78372", + "refsource": "OSVDB", + "url": "http://osvdb.org/78372" + }, + { + "name": "SUSE-SU-2012:0984", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687" + }, + { + "name": "mysql-server-info-disc(72525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72525" + }, + { + "name": "DSA-2429", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2429" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1072.json b/2012/1xxx/CVE-2012-1072.json index dc2ef029c33..83d0260e479 100644 --- a/2012/1xxx/CVE-2012-1072.json +++ b/2012/1xxx/CVE-2012-1072.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "51834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51834" - }, - { - "name" : "78785", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78785" - }, - { - "name" : "typo3-category-unspecified-sql-injection(72958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "51834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51834" + }, + { + "name": "78785", + "refsource": "OSVDB", + "url": "http://osvdb.org/78785" + }, + { + "name": "typo3-category-unspecified-sql-injection(72958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1448.json b/2012/1xxx/CVE-2012-1448.json index 2664dd6a7b4..ebfcbec4c1e 100644 --- a/2012/1xxx/CVE-2012-1448.json +++ b/2012/1xxx/CVE-2012-1448.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "52603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52603" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1614.json b/2012/1xxx/CVE-2012-1614.json index 06230d559a9..19b84961dc9 100644 --- a/2012/1xxx/CVE-2012-1614.json +++ b/2012/1xxx/CVE-2012-1614.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html" - }, - { - "name" : "18680", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18680" - }, - { - "name" : "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/5" - }, - { - "name" : "[oss-security] 
20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/6" - }, - { - "name" : "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/03/6" - }, - { - "name" : "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html" - }, - { - "name" : "http://www.waraxe.us/advisory-81.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-81.html" - }, - { - "name" : "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354", - "refsource" : "CONFIRM", - "url" : "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354" - }, - { - "name" : "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html" - }, - { - "name" : "52818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52818" - }, - { - "name" : "80732", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80732" - }, - { - "name" : "80733", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80733" - }, - { - "name" : "80734", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80734" - }, - { - "name" : "80735", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to 
plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html" + }, + { + "name": "http://www.waraxe.us/advisory-81.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-81.html" + }, + { + "name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html" + }, + { + "name": "18680", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18680" + }, + { + "name": "80734", + "refsource": "OSVDB", + "url": "http://osvdb.org/80734" + }, + { + "name": "80735", + "refsource": "OSVDB", + "url": "http://osvdb.org/80735" + }, + { + "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354", + "refsource": "CONFIRM", + "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354" + }, + { + "name": "80732", + "refsource": "OSVDB", + "url": "http://osvdb.org/80732" + }, + { + "name": "80733", + "refsource": "OSVDB", + "url": "http://osvdb.org/80733" + }, + { + "name": "52818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52818" + }, + { + "name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", + "refsource": "MLIST", + 
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6" + }, + { + "name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html", + "refsource": "CONFIRM", + "url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html" + }, + { + "name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/03/6" + }, + { + "name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/30/5" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4465.json b/2012/4xxx/CVE-2012-4465.json index b47a712df73..1232fc43533 100644 --- a/2012/4xxx/CVE-2012-4465.json +++ b/2012/4xxx/CVE-2012-4465.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the \"Author\" field in a commit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[cgit] 20120703 avoid stack-smash when processing unusual commit", - "refsource" : "MLIST", - "url" : "http://hjemli.net/pipermail/cgit/2012-July/000652.html" - }, - { - "name" : "[oss-security] 20120930 cgit: heap buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/30/1" - }, - { - "name" : "[oss-security] 20121003 Re: cgit: heap buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/03/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=820733", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=820733" - }, - 
{ - "name" : "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec", - "refsource" : "CONFIRM", - "url" : "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec" - }, - { - "name" : "55724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55724" - }, - { - "name" : "50734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the \"Author\" field in a commit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120930 cgit: heap buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/30/1" + }, + { + "name": "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec", + "refsource": "CONFIRM", + "url": "http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec" + }, + { + "name": "[cgit] 20120703 avoid stack-smash when processing unusual commit", + "refsource": "MLIST", + "url": "http://hjemli.net/pipermail/cgit/2012-July/000652.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=820733", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820733" + }, + { + "name": "50734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50734" + }, + { + "name": "55724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55724" + }, + { + "name": "[oss-security] 20121003 Re: cgit: heap 
buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/03/7" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4491.json b/2012/4xxx/CVE-2012-4491.json index d522f8aae89..b66b7d04542 100644 --- a/2012/4xxx/CVE-2012-4491.json +++ b/2012/4xxx/CVE-2012-4491.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1708198", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1708198" - }, - { - "name" : "54768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "54768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54768" + }, + { + "name": "http://drupal.org/node/1708198", + "refsource": "MISC", + "url": "http://drupal.org/node/1708198" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5325.json b/2012/5xxx/CVE-2012-5325.json index 9fe18457cfd..c308a2106ad 100644 --- a/2012/5xxx/CVE-2012-5325.json +++ b/2012/5xxx/CVE-2012-5325.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt" - }, - { - "name" : "51626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51626" - }, - { - "name" : "shortcode-domain-xss(72620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51626" + }, + { + "name": "http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt" + }, + { + "name": "shortcode-domain-xss(72620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72620" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3258.json b/2017/3xxx/CVE-2017-3258.json index d1ebaae0206..bad804eb22d 100644 --- a/2017/3xxx/CVE-2017-3258.json +++ b/2017/3xxx/CVE-2017-3258.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.53 and earlier" - }, - { - "version_value" : "5.6.34 and earlier" - }, - { - "version_value" : "5.7.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.5.53 and earlier" + }, + { + "version_value": "5.6.34 and earlier" + }, + { + "version_value": "5.7.16 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "DSA-3767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3767" - }, - { - "name" : "DSA-3770", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3770" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "GLSA-201702-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-18" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - 
"name" : "95560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95560" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "95560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95560" + }, + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "GLSA-201702-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-18" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "DSA-3767", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2017/dsa-3767" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "DSA-3770", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3770" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3335.json b/2017/3xxx/CVE-2017-3335.json index a6829804a0d..f994cc56498 100644 --- a/2017/3xxx/CVE-2017-3335.json +++ b/2017/3xxx/CVE-2017-3335.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3990.json b/2017/3xxx/CVE-2017-3990.json index 05759356899..5f39c83ea64 100644 --- a/2017/3xxx/CVE-2017-3990.json +++ b/2017/3xxx/CVE-2017-3990.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3990", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3990", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/6xxx/CVE-2017-6020.json b/2017/6xxx/CVE-2017-6020.json index 3b0dc251670..300861716a1 100644 --- a/2017/6xxx/CVE-2017-6020.json +++ b/2017/6xxx/CVE-2017-6020.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-03-23T00:00:00", - "ID" : "CVE-2017-6020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LAquis SCADA software", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to version 4.1.0.3237" - } - ] - } - } - ] - }, - "vendor_name" : "LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path traversal CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-03-23T00:00:00", + "ID": "CVE-2017-6020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LAquis SCADA software", + "version": { + "version_data": [ + { + "version_value": "versions prior to version 4.1.0.3237" + } + ] + } + } + ] + }, + "vendor_name": "LCDS - Le\u00c3\u00a3o Consultoria e Desenvolvimento de Sistemas LTDA ME" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42885", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42885/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01" - }, - { - "name" : "97055", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/97055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path traversal CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42885", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42885/" + }, + { + "name": "97055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97055" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6652.json b/2017/6xxx/CVE-2017-6652.json index 446b70c08a3..0a70868fcd1 100644 --- a/2017/6xxx/CVE-2017-6652.json +++ b/2017/6xxx/CVE-2017-6652.json 
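Review bot: The new `vendor_name` value in the CVE-2017-6020 hunk is double-encoded. The old side had `Leão`; the new side writes `Le\u00c3\u00a3o`, which decodes to `LeÃ£o`, meaning the UTF-8 bytes of `ã` were read as Latin-1 and then escaped. Anything that matches this record by vendor string, such as scanner feeds or asset-inventory correlation, will now see a different name than before the sync. The line should read `"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"`, or carry the literal character in UTF-8. The sync tool presumably decodes its input with the wrong charset before serialising, so other records with non-ASCII text in this commit are worth checking for the same corruption.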
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco TelePresence IX5000 Series", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco TelePresence IX5000 Series" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco TelePresence IX5000 Series", + "version": { + "version_data": [ + { + "version_value": "Cisco TelePresence IX5000 Series" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000" - }, - { - "name" : "98519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98519" - }, - { - "name" : "1038509", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98519" + }, + { + "name": "1038509", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038509" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7213.json b/2017/7xxx/CVE-2017-7213.json index 037b1569330..30f7f5a0f8f 100644 --- a/2017/7xxx/CVE-2017-7213.json +++ b/2017/7xxx/CVE-2017-7213.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7331.json b/2017/7xxx/CVE-2017-7331.json index 5e152449a48..58ace2f5c92 100644 --- a/2017/7xxx/CVE-2017-7331.json +++ b/2017/7xxx/CVE-2017-7331.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7331", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7331", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7355.json b/2017/7xxx/CVE-2017-7355.json index aeaf46c5224..2dacb5e187c 100644 --- a/2017/7xxx/CVE-2017-7355.json +++ b/2017/7xxx/CVE-2017-7355.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7355", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7355", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7407.json b/2017/7xxx/CVE-2017-7407.json index a8a9584d426..103d744030b 100644 --- a/2017/7xxx/CVE-2017-7407.json +++ b/2017/7xxx/CVE-2017-7407.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "refsource" : "MISC", - "url" : "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "GLSA-201709-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-14" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:3558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", + "refsource": "MISC", + "url": "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "GLSA-201709-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-14" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7662.json b/2017/7xxx/CVE-2017-7662.json index 0ecaee23624..f2a711451bf 100644 --- a/2017/7xxx/CVE-2017-7662.json +++ b/2017/7xxx/CVE-2017-7662.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-7662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache CXF Fediz", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 1.4.0, 1.3.2 and 1.2.4." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-7662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache CXF Fediz", + "version": { + "version_data": [ + { + "version_value": "prior to 1.4.0, 1.3.2 and 1.2.4." 
+ } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc" - }, - { - "name" : "1038498", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc" + }, + { + "name": "1038498", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038498" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7691.json b/2017/7xxx/CVE-2017-7691.json index fa17367891e..5e7b2259bc1 100644 --- a/2017/7xxx/CVE-2017-7691.json +++ b/2017/7xxx/CVE-2017-7691.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/" - }, - { - "name" : "97567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97567" + }, + { + "name": "https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8304.json b/2017/8xxx/CVE-2017-8304.json index e3378f9b3d0..bbf34b5ab1d 100644 --- a/2017/8xxx/CVE-2017-8304.json +++ b/2017/8xxx/CVE-2017-8304.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb", - "refsource" : "MISC", - "url" : "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb", + "refsource": "MISC", + "url": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8309.json b/2017/8xxx/CVE-2017-8309.json index eda15f03817..78871215c1c 100644 --- a/2017/8xxx/CVE-2017-8309.json +++ b/2017/8xxx/CVE-2017-8309.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[qemu-devel] 20170428 [PATCH] audio: release capture buffers", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "GLSA-201706-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-03" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "98302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98302" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "GLSA-201706-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-03" + }, + { + "name": "98302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98302" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2408" + }, + { + "name": "[qemu-devel] 20170428 [PATCH] audio: release capture buffers", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8440.json b/2017/8xxx/CVE-2017-8440.json index 2ab8776bb09..f1bbd70c51e 100644 --- a/2017/8xxx/CVE-2017-8440.json +++ b/2017/8xxx/CVE-2017-8440.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana", - "version" : { - "version_data" : [ - { - "version_value" : "5.3.0 to 5.3.3" - }, - { - "version_value" : "5.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "5.3.0 to 5.3.3" + }, + { + "version_value": "5.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952" - }, - { - "name" : "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" 
: "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released" + }, + { + "name": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952" + }, + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10126.json b/2018/10xxx/CVE-2018-10126.json index 9f25556abc5..cbab0a4429e 100644 --- a/2018/10xxx/CVE-2018-10126.json +++ b/2018/10xxx/CVE-2018-10126.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10126",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10126",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2786",
- "refsource" : "MISC",
- "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2786"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2786",
+ "refsource": "MISC",
+ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2786"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10306.json b/2018/10xxx/CVE-2018-10306.json index 50a4cc89697..567795890f1 100644 --- a/2018/10xxx/CVE-2018-10306.json +++ b/2018/10xxx/CVE-2018-10306.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ILIAS-eLearning/ILIAS/commit/95870b2db3e71154102b2cd2f05334fc741c6e39", - "refsource" : "MISC", - "url" : "https://github.com/ILIAS-eLearning/ILIAS/commit/95870b2db3e71154102b2cd2f05334fc741c6e39" - }, - { - "name" : "https://github.com/ILIAS-eLearning/ILIAS/commit/eb0272c8023818b1eb10a93e115c9e7960b62a62", - "refsource" : "MISC", - "url" : "https://github.com/ILIAS-eLearning/ILIAS/commit/eb0272c8023818b1eb10a93e115c9e7960b62a62" - }, - { - "name" : "https://www.ilias.de/docu/goto_docu_pg_116799_35.html", - "refsource" : "MISC", - "url" : "https://www.ilias.de/docu/goto_docu_pg_116799_35.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ILIAS-eLearning/ILIAS/commit/95870b2db3e71154102b2cd2f05334fc741c6e39", + "refsource": "MISC", + "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/95870b2db3e71154102b2cd2f05334fc741c6e39" + }, + { + "name": "https://www.ilias.de/docu/goto_docu_pg_116799_35.html", + "refsource": "MISC", + "url": "https://www.ilias.de/docu/goto_docu_pg_116799_35.html" + }, + { + "name": "https://github.com/ILIAS-eLearning/ILIAS/commit/eb0272c8023818b1eb10a93e115c9e7960b62a62", + "refsource": "MISC", + "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/eb0272c8023818b1eb10a93e115c9e7960b62a62" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10382.json b/2018/10xxx/CVE-2018-10382.json index 014c016bed1..2e5ee5d2b8b 100644 --- a/2018/10xxx/CVE-2018-10382.json +++ b/2018/10xxx/CVE-2018-10382.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MODX Revolution 2.6.3 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/modxcms/revolution/pull/13887", - "refsource" : "CONFIRM", - "url" : "https://github.com/modxcms/revolution/pull/13887" - }, - { - "name" : "https://github.com/modxcms/revolution/pull/13887/commits/3241473d8213e9551cef4ed0e8ac4645cfbd10c4", - "refsource" : "CONFIRM", - "url" : "https://github.com/modxcms/revolution/pull/13887/commits/3241473d8213e9551cef4ed0e8ac4645cfbd10c4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MODX Revolution 2.6.3 has XSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/modxcms/revolution/pull/13887", + "refsource": "CONFIRM", + "url": "https://github.com/modxcms/revolution/pull/13887" + }, + { + "name": "https://github.com/modxcms/revolution/pull/13887/commits/3241473d8213e9551cef4ed0e8ac4645cfbd10c4", + "refsource": "CONFIRM", + "url": "https://github.com/modxcms/revolution/pull/13887/commits/3241473d8213e9551cef4ed0e8ac4645cfbd10c4" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13216.json b/2018/13xxx/CVE-2018-13216.json index b9686405dd8..a67aba8bf70 100644 --- a/2018/13xxx/CVE-2018-13216.json +++ b/2018/13xxx/CVE-2018-13216.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has 
an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13587.json b/2018/13xxx/CVE-2018-13587.json index 4b4953ecfb0..fde6fb6b148 100644 --- a/2018/13xxx/CVE-2018-13587.json +++ b/2018/13xxx/CVE-2018-13587.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DECToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DECToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DECToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DECToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17353.json b/2018/17xxx/CVE-2018-17353.json index 67821b9904b..6ad4785de1c 100644 --- a/2018/17xxx/CVE-2018-17353.json +++ b/2018/17xxx/CVE-2018-17353.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17353",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17353",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17466.json b/2018/17xxx/CVE-2018-17466.json
index f1ed1e69845..324d9f62726 100644
--- a/2018/17xxx/CVE-2018-17466.json
+++ b/2018/17xxx/CVE-2018-17466.json
@@ -1,138 +1,138 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : " 70.0.3538.67" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": " 70.0.3538.67" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" - }, - { - "name" : "https://crbug.com/880906", - "refsource" : "MISC", - "url" : "https://crbug.com/880906" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4330", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4330" - }, - { - "name" : "DSA-4354", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4354" - }, - { - "name" : "DSA-4362", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4362" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:3004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3004" - }, - { - "name" : "RHSA-2018:3831", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3831" - }, - { - "name" : "RHSA-2018:3833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3833" - }, - { - "name" : "RHSA-2019:0159", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0159" - }, - { - "name" : "RHSA-2019:0160", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0160" - }, - { - "name" : "USN-3844-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3844-1/" - }, - { - "name" : "USN-3868-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3868-1/" - }, - { - "name" : "105666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105666" - }, - { - "name" : "106168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" + }, + { + "name": "RHSA-2018:3833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3833" + }, + { + "name": "RHSA-2018:3831", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3831" + }, + { + "name": "DSA-4362", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4362" + }, + { + "name": "DSA-4330", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4330" + }, + { + "name": "USN-3844-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3844-1/" + }, + { + "name": "106168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106168" + }, + { + "name": "RHSA-2019:0159", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0159" + }, + { + "name": "RHSA-2018:3004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3004" + }, + { + "name": "DSA-4354", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4354" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "USN-3868-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3868-1/" + }, + { + "name": "https://crbug.com/880906", + "refsource": "MISC", + "url": "https://crbug.com/880906" + }, + { + "name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" + }, + { + "name": "105666", 
+ "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105666" + }, + { + "name": "RHSA-2019:0160", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0160" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20082.json b/2018/20xxx/CVE-2018-20082.json index 7845a47103a..4e92263817c 100644 --- a/2018/20xxx/CVE-2018-20082.json +++ b/2018/20xxx/CVE-2018-20082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20082", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20082", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20257.json b/2018/20xxx/CVE-2018-20257.json index 7c9fa793022..c50d6016124 100644 --- a/2018/20xxx/CVE-2018-20257.json +++ b/2018/20xxx/CVE-2018-20257.json 
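Review bot: The new `version_value` for Chrome in the CVE-2018-17466 hunk still carries a leading space (`" 70.0.3538.67"`), so a consumer that compares the string exactly or parses it as a version can fail to match the affected range; the normalized form would be `"version_value": "70.0.3538.67"`. The hunk is also not a pure reformat: `ASSIGNER` changes from `chrome-cve-admin@google.com` to `security@google.com` and the `reference_data` entries are reordered, neither of which the subject line "-Synchronized-Data." describes. Tooling that groups or filters records by assigner address, or that diffs references by position, will see this record as changed, so the assigner change is worth stating in the commit description.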
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20744.json b/2018/20xxx/CVE-2018-20744.json index 4c2fb5c14c4..1cefda4afbe 100644 --- a/2018/20xxx/CVE-2018-20744.json +++ b/2018/20xxx/CVE-2018-20744.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rs/cors/issues/55", - "refsource" : "MISC", - "url" : "https://github.com/rs/cors/issues/55" - }, - { - "name" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf", - "refsource" : "MISC", - "url" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf" - }, - { - "name" : "106834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Olivier Poitrey Go CORS handler through 1.3.0 actively 
converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106834" + }, + { + "name": "https://github.com/rs/cors/issues/55", + "refsource": "MISC", + "url": "https://github.com/rs/cors/issues/55" + }, + { + "name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf", + "refsource": "MISC", + "url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20757.json b/2018/20xxx/CVE-2018-20757.json index 2bba832823c..9203cc5b434 100644 --- a/2018/20xxx/CVE-2018-20757.json +++ b/2018/20xxx/CVE-2018-20757.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/modxcms/revolution/issues/14104", - "refsource" : "MISC", - "url" : "https://github.com/modxcms/revolution/issues/14104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/modxcms/revolution/issues/14104", + "refsource": "MISC", + "url": "https://github.com/modxcms/revolution/issues/14104" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9176.json b/2018/9xxx/CVE-2018-9176.json index b1543c75146..95a84b41743 100644 --- a/2018/9xxx/CVE-2018-9176.json +++ b/2018/9xxx/CVE-2018-9176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9342.json b/2018/9xxx/CVE-2018-9342.json index e0d50137931..7fec658f5a4 100644 --- a/2018/9xxx/CVE-2018-9342.json +++ b/2018/9xxx/CVE-2018-9342.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9465.json b/2018/9xxx/CVE-2018-9465.json index c5b57db1e41..043d5dafaee 100644 --- a/2018/9xxx/CVE-2018-9465.json +++ b/2018/9xxx/CVE-2018-9465.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-9465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-9465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + } + ] + } +} \ No newline at end of file
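Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2018-9465 changes from `security@google.com` to `security@android.com` in a hunk that is otherwise only a separator and indentation normalisation, and the commit subject does not mention it. Tooling that attributes records to a CNA by this field, or that alerts on unexpected metadata changes in a vulnerability feed, will see the record change owner, so it is worth confirming that `"ASSIGNER": "security@android.com"` is intended and, ideally, carrying content changes in a commit separate from the reformat so they can be audited. The new side also ends with `\ No newline at end of file` where the old side ended with a newline; the other file sections visible here show the same, and restoring the trailing newline keeps line-oriented tools and later diffs clean.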