diff --git a/2004/0xxx/CVE-2004-0028.json b/2004/0xxx/CVE-2004-0028.json
index 2df67c8fe0b..eecb246a89c 100644
--- a/2004/0xxx/CVE-2004-0028.json
+++ b/2004/0xxx/CVE-2004-0028.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-420", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-420" - }, - { - "name" : "9397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9397" - }, - { - "name" : "jitterbug-execute-code(14207)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9397" + }, + { + "name": "jitterbug-execute-code(14207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14207" + }, + { + "name": "DSA-420", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-420" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0042.json b/2004/0xxx/CVE-2004-0042.json index b06cfd95e19..e92c85e7e36 100644 --- a/2004/0xxx/CVE-2004-0042.json +++ b/2004/0xxx/CVE-2004-0042.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1008628", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008628", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008628" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/1xxx/CVE-2004-1062.json b/2004/1xxx/CVE-2004-1062.json
index 1eee5770611..8d00e9f65ad 100644
--- a/2004/1xxx/CVE-2004-1062.json
+++ b/2004/1xxx/CVE-2004-1062.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Cross-Site Scripting - an industry-wide problem", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html" - }, - { - "name" : "http://www.mikx.de/index.php?p=6", - "refsource" : "MISC", - "url" : "http://www.mikx.de/index.php?p=6" - }, - { - "name" : "GLSA-200412-26", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200412-26.xml" - }, - { - "name" : "SUSE-SR:2005:001", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_01_sr.html" - }, - { - "name" : "viewcvs-xss(18718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mikx.de/index.php?p=6", + "refsource": "MISC", + "url": "http://www.mikx.de/index.php?p=6" + }, + { + "name": "GLSA-200412-26", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200412-26.xml" + }, + { + "name": "20041223 Cross-Site Scripting - an industry-wide problem", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html" + }, + { + "name": "SUSE-SR:2005:001", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html" + }, + { + "name": "viewcvs-xss(18718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18718" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1358.json b/2004/1xxx/CVE-2004-1358.json index e32badf7dc9..7d6ab0a1b71 100644 --- a/2004/1xxx/CVE-2004-1358.json +++ b/2004/1xxx/CVE-2004-1358.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57478", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57478-1&searchclause=%22category:security%22%20%20114332-08" - }, - { - "name" : "O-099", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-099.shtml" - }, - { - "name" : "ESB-2004.0069", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=3788" - }, - { - "name" : "9852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9852" - }, - { - "name" : "oval:org.mitre.oval:def:3567", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3567" - }, - { - "name" : 
"solaris-patches-disable-bsm(14918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ESB-2004.0069", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=3788" + }, + { + "name": "solaris-patches-disable-bsm(14918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14918" + }, + { + "name": "oval:org.mitre.oval:def:3567", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3567" + }, + { + "name": "9852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9852" + }, + { + "name": "O-099", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-099.shtml" + }, + { + "name": "57478", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57478-1&searchclause=%22category:security%22%20%20114332-08" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1666.json b/2004/1xxx/CVE-2004-1666.json index 8beb324b185..2eb4abca939 100644 --- a/2004/1xxx/CVE-2004-1666.json +++ b/2004/1xxx/CVE-2004-1666.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040908 Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109466618609375&w=2" - }, - { - "name" : "http://unsecure.altervista.org/security/trillian.htm", - "refsource" : "MISC", - "url" : "http://unsecure.altervista.org/security/trillian.htm" - }, - { - "name" : "http://unsecure.altervista.org/security/trillianbof.c", - "refsource" : "MISC", - "url" : "http://unsecure.altervista.org/security/trillianbof.c" - }, - { - "name" : "11142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11142" - }, - { - "name" : "12487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12487" - }, - { - "name" : "trillian-msn-bo(17292)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "trillian-msn-bo(17292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17292" + }, + { + "name": "11142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11142" + }, + { + "name": "http://unsecure.altervista.org/security/trillian.htm", + "refsource": "MISC", + "url": "http://unsecure.altervista.org/security/trillian.htm" + }, + { + "name": "20040908 Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109466618609375&w=2" + }, + { + "name": "http://unsecure.altervista.org/security/trillianbof.c", + "refsource": "MISC", + "url": "http://unsecure.altervista.org/security/trillianbof.c" + }, + { + "name": "12487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12487" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2375.json b/2004/2xxx/CVE-2004-2375.json index 5e58a7d95b3..b03709faa81 100644 --- a/2004/2xxx/CVE-2004-2375.json +++ b/2004/2xxx/CVE-2004-2375.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long second parameter (digest)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digiti.be/jeffosz/advisories/1stclasspop3.txt", - "refsource" : "MISC", - "url" : "http://www.digiti.be/jeffosz/advisories/1stclasspop3.txt" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=4047", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=4047" - }, - { - "name" : "9794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9794" - }, - { - "name" : "4129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4129" - }, - { - "name" : "1009279", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009279" - }, - { - "name" : "11029", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/11029" - }, - { - "name" : "1st-class-apop-dos(15314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long second parameter (digest)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4129" + }, + { + "name": "1009279", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009279" + }, + { + "name": "1st-class-apop-dos(15314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15314" + }, + { + "name": "http://www.digiti.be/jeffosz/advisories/1stclasspop3.txt", + "refsource": "MISC", + "url": "http://www.digiti.be/jeffosz/advisories/1stclasspop3.txt" + }, + { + "name": "9794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9794" + }, + { + "name": "11029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11029" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=4047", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=4047" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2428.json b/2004/2xxx/CVE-2004-2428.json index d05aabee2ee..cec398a8051 100644 --- a/2004/2xxx/CVE-2004-2428.json +++ b/2004/2xxx/CVE-2004-2428.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9159", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9159" - }, - { - "name" : "1011026", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011026" - }, - { - "name" : "wwwguestbook-url-information-disclosure(17077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext 
username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9159", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9159" + }, + { + "name": "1011026", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011026" + }, + { + "name": "wwwguestbook-url-information-disclosure(17077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17077" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2746.json b/2004/2xxx/CVE-2004-2746.json index 3a11bde913a..cb5284c6a4e 100644 --- a/2004/2xxx/CVE-2004-2746.json +++ b/2004/2xxx/CVE-2004-2746.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040115 Xtreme ASP Photo Gallery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/350028/30/21640/threaded" - }, - { - "name" : "http://www.tripbit.org/advisories/TA-150104.txt", - "refsource" : "MISC", - "url" : "http://www.tripbit.org/advisories/TA-150104.txt" - }, - { - "name" : "http://www.pensacolawebdesigns.com/xtremeasp/readmore.asp", - "refsource" : "CONFIRM", - "url" : "http://www.pensacolawebdesigns.com/xtremeasp/readmore.asp" - }, - { - "name" : "9438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9438" - }, - { - "name" : "3585", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3585" - }, - { - "name" : "1008745", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1008745" - }, - { - "name" : "10659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10659" - }, - { - "name" : "3346", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3346" - }, - { - "name" : "xtremeaspphotogallery-or-sql-injection(14860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040115 Xtreme ASP Photo Gallery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/350028/30/21640/threaded" + }, + { + "name": "9438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9438" + }, + { + "name": "1008745", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008745" + }, + { + "name": "xtremeaspphotogallery-or-sql-injection(14860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14860" + }, + { + "name": "http://www.pensacolawebdesigns.com/xtremeasp/readmore.asp", + "refsource": "CONFIRM", + "url": "http://www.pensacolawebdesigns.com/xtremeasp/readmore.asp" + }, + { + "name": "3585", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3585" + }, + { + "name": "3346", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3346" + }, + { + "name": "http://www.tripbit.org/advisories/TA-150104.txt", + "refsource": "MISC", + "url": "http://www.tripbit.org/advisories/TA-150104.txt" + }, 
+ { + "name": "10659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10659" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2775.json b/2004/2xxx/CVE-2004-2775.json index b27fa2b43d7..22fbd03206a 100644 --- a/2004/2xxx/CVE-2004-2775.json +++ b/2004/2xxx/CVE-2004-2775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2775", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2775", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2300.json b/2008/2xxx/CVE-2008-2300.json index ed327250c86..0c2e74e254e 100644 --- a/2008/2xxx/CVE-2008-2300.json +++ b/2008/2xxx/CVE-2008-2300.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX116941", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX116941" - }, - { - "name" : "29232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29232" - }, - { - "name" : "ADV-2008-1530", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1530/references" - }, - { - "name" : "1020027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020027" - }, - { - "name" : "30271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30271" - }, - { - "name" : "citrix-presentationserver-unauth-access(42439)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29232" + }, + { + "name": "30271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30271" + }, + { + "name": "1020027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020027" + }, + { + "name": "http://support.citrix.com/article/CTX116941", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX116941" + }, + { + "name": "ADV-2008-1530", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1530/references" + }, + { + "name": "citrix-presentationserver-unauth-access(42439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2376.json b/2008/2xxx/CVE-2008-2376.json index c659717d2eb..9736decc515 100644 --- a/2008/2xxx/CVE-2008-2376.json +++ b/2008/2xxx/CVE-2008-2376.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0218-1 ruby", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494104/100/0/threaded" - }, - { - "name" : "[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/02/3" - }, - { - "name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", - "refsource" : "CONFIRM", - "url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756" - 
}, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2639", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2639" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0218", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0218" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "DSA-1612", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1612" - }, - { - "name" : "DSA-1618", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1618" - }, - { - "name" : "FEDORA-2008-6033", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html" - }, - { - "name" : "FEDORA-2008-6094", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html" - }, - { - "name" : "GLSA-200812-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml" - }, - { - "name" : "MDVSA-2008:140", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" - }, - { - "name" : "MDVSA-2008:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" - }, - { - "name" : "MDVSA-2008:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" - }, - { - "name" : "RHSA-2008:0561", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0561.html" - }, - { - "name" : "USN-651-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/651-1/" - }, - { - "name" : "TA08-260A", - 
"refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "oval:org.mitre.oval:def:9863", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "30927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30927" - }, - { - "name" : "31006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31006" - }, - { - "name" : "31062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31062" - }, - { - "name" : "31090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31090" - }, - { - "name" : "31181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31181" - }, - { - "name" : "31256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31256" - }, - { - "name" : "33178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33178" - }, - { - "name" : "32219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31090" + }, + { + "name": "USN-651-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/651-1/" + }, + { + "name": "MDVSA-2008:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "31006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31006" + }, + { + "name": "FEDORA-2008-6033", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html" + }, + { + "name": "DSA-1618", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1618" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31062" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2639", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2639" + }, + { + "name": "31256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31256" + }, + { + "name": "FEDORA-2008-6094", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html" + }, + { + "name": "32219", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/32219" + }, + { + "name": "[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/02/3" + }, + { + "name": "MDVSA-2008:140", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" + }, + { + "name": "oval:org.mitre.oval:def:9863", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0218", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0218" + }, + { + "name": "RHSA-2008:0561", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" + }, + { + "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756" + }, + { + "name": "DSA-1612", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1612" + }, + { + "name": "GLSA-200812-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" + }, + { + "name": "33178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33178" + }, + { + "name": "30927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30927" + }, + { + "name": "20080708 rPSA-2008-0218-1 ruby", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494104/100/0/threaded" + }, + { + "name": "MDVSA-2008:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" + }, + { + "name": "31181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31181" + } + ] + } +} \ No newline at end of file 
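Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk. It is the only changed value in a hunk that otherwise only removes the space before each colon and reorders `reference_data`. The CVE-2008-3817 hunk further down does the same with `psirt@cisco.com`, while the other records in view keep `cve@mitre.org`. Because `ASSIGNER` is a provenance field that consumers may use to attribute or trust a record, it would be easier to audit if this pass kept `"ASSIGNER": "cve@mitre.org"` and the reassignment landed in its own commit with a stated reason. The 28 references appear to be the same set in a different order. JSON arrays are ordered, so any consumer that reads references by position would see a change here; a stable sort (for example by `refsource`, then `name`) would keep future diffs down to real content changes.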
diff --git a/2008/2xxx/CVE-2008-2744.json b/2008/2xxx/CVE-2008-2744.json index 1f1f992961d..8532c95b5dd 100644 --- a/2008/2xxx/CVE-2008-2744.json +++ b/2008/2xxx/CVE-2008-2744.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an \"obscure method.\" NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080613 Exploit for vBulletin \"obscure\" XSS (3.7.1 & 3.6.10)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493340/100/0/threaded" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?t=274882", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/showthread.php?t=274882" - }, - { - "name" : "29704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29704" - }, - { - "name" : "1020322", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020322" - }, - { - "name" : "30733", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30733" - }, - { - "name" : "3946", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3946" - }, - { - "name" : "vbulletin-redirect-xss(43090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an \"obscure method.\" NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30733" + }, + { + "name": "vbulletin-redirect-xss(43090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43090" + }, + { + "name": "20080613 Exploit for vBulletin \"obscure\" XSS (3.7.1 & 3.6.10)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493340/100/0/threaded" + }, + { + "name": "http://www.vbulletin.com/forum/showthread.php?t=274882", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/showthread.php?t=274882" + }, + { + "name": "3946", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3946" + }, + { + "name": "1020322", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020322" + }, + { + "name": "29704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29704" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3328.json b/2008/3xxx/CVE-2008-3328.json index 35156083c04..dab5eabd4ae 100644 
--- a/2008/3xxx/CVE-2008-3328.json +++ b/2008/3xxx/CVE-2008-3328.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.edgewall.org/wiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://trac.edgewall.org/wiki/ChangeLog" - }, - { - "name" : "FEDORA-2008-6830", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html" - }, - { - "name" : "FEDORA-2008-6833", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html" - }, - { - "name" : "30400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30400" - }, - { - "name" : "ADV-2008-2223", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2223/references" - }, - { - "name" : "31231", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31231" - }, - { - "name" : "31314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31314" - }, - { - "name" : "trac-wikiengine-xss(44016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-6833", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html" + }, + { + "name": "FEDORA-2008-6830", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html" + }, + { + "name": "30400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30400" + }, + { + "name": "trac-wikiengine-xss(44016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44016" + }, + { + "name": "31231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31231" + }, + { + "name": "31314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31314" + }, + { + "name": "ADV-2008-2223", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2223/references" + }, + { + "name": "http://trac.edgewall.org/wiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://trac.edgewall.org/wiki/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3817.json b/2008/3xxx/CVE-2008-3817.json index 7efc8ade45c..3744020e113 100644 
--- a/2008/3xxx/CVE-2008-3817.json +++ b/2008/3xxx/CVE-2008-3817.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the \"initialization code for the hardware crypto accelerator.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081022 Multiple Vulnerabilities in Cisco PIX and Cisco ASA", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" - }, - { - "name" : "31865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31865" - }, - { - "name" : "oval:org.mitre.oval:def:5597", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5597" - }, - { - "name" : "ADV-2008-2899", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2899" - }, - { 
- "name" : "1021088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021088" - }, - { - "name" : "32392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32392" - }, - { - "name" : "cisco-asa-cryptoaccelerator-dos(46027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the \"initialization code for the hardware crypto accelerator.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31865" + }, + { + "name": "32392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32392" + }, + { + "name": "oval:org.mitre.oval:def:5597", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5597" + }, + { + "name": "cisco-asa-cryptoaccelerator-dos(46027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46027" + }, + { + "name": "1021088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021088" + }, + { + "name": "20081022 Multiple Vulnerabilities in Cisco PIX and Cisco ASA", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" + }, + { + "name": "ADV-2008-2899", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2899" 
+ } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3848.json b/2008/3xxx/CVE-2008-3848.json index f05f8c265a4..c12fcffec2d 100644 --- a/2008/3xxx/CVE-2008-3848.json +++ b/2008/3xxx/CVE-2008-3848.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6309", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6309" - }, - { - "name" : "30831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30831" - }, - { - "name" : "zbreaknews-single-sql-injection(44675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zbreaknews-single-sql-injection(44675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44675" + }, + { + "name": "30831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30831" + }, + { + "name": "6309", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6309" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3958.json b/2008/3xxx/CVE-2008-3958.json index 465d585c244..0ec7bb052c8 100644 --- a/2008/3xxx/CVE-2008-3958.json +++ b/2008/3xxx/CVE-2008-3958.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" - }, - { - "name" : "IZ08134", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" - }, - { - "name" : "31058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31058" - }, - { - "name" : "48144", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48144" - }, - { - "name" : "31787", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31787" - }, - { - "name" : "ibm-db2-connect-attach-dos1(45133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" + }, + { + "name": "31058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31058" + }, + { + "name": "IZ08134", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" + }, + { + "name": "31787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31787" + }, + { + "name": "48144", + "refsource": "OSVDB", + "url": "http://osvdb.org/48144" + }, + { + "name": "ibm-db2-connect-attach-dos1(45133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6248.json b/2008/6xxx/CVE-2008-6248.json index 5de78cd3ab0..bcdc8422b20 100644 --- a/2008/6xxx/CVE-2008-6248.json +++ b/2008/6xxx/CVE-2008-6248.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6075", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6075" - }, - { - "name" : "30232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30232" - }, - { - "name" : "31098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31098" - }, - { - "name" : "galatolowebmanager-all-xss(43781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject 
arbitrary web script or HTML via the tag parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30232" + }, + { + "name": "galatolowebmanager-all-xss(43781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43781" + }, + { + "name": "31098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31098" + }, + { + "name": "6075", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6075" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6406.json b/2008/6xxx/CVE-2008-6406.json index 3f5a7595274..5981c0661ab 100644 --- a/2008/6xxx/CVE-2008-6406.json +++ b/2008/6xxx/CVE-2008-6406.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080923 Xss In Datalife Engine CMS 7.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496605/100/0/threaded" - }, - { - "name" : "31335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31335" - }, - { - "name" : "31998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31998" - }, - { - "name" : "datalifeengine-admin-xss(45345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows 
remote attackers to inject arbitrary web script or HTML via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080923 Xss In Datalife Engine CMS 7.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496605/100/0/threaded" + }, + { + "name": "datalifeengine-admin-xss(45345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45345" + }, + { + "name": "31335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31335" + }, + { + "name": "31998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31998" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6641.json b/2008/6xxx/CVE-2008-6641.json index e941b672931..c9f27ff2b1d 100644 --- a/2008/6xxx/CVE-2008-6641.json +++ b/2008/6xxx/CVE-2008-6641.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5564", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5564" - }, - { - "name" : "29091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29091" - }, - { - "name" : "shadertv-sid-sql-injection(42261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Shader TV (Beta) allow 
remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5564", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5564" + }, + { + "name": "29091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29091" + }, + { + "name": "shadertv-sid-sql-injection(42261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42261" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5706.json b/2012/5xxx/CVE-2012-5706.json index 418eac3f17a..588752fe0fb 100644 --- a/2012/5xxx/CVE-2012-5706.json +++ b/2012/5xxx/CVE-2012-5706.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5706",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5706",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5777.json b/2012/5xxx/CVE-2012-5777.json
index 91765e54639..b979594cf6f 100644
--- a/2012/5xxx/CVE-2012-5777.json
+++ b/2012/5xxx/CVE-2012-5777.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121105 [CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0027.html" - }, - { - "name" : "http://packetstormsecurity.com/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html" - }, - { - "name" : "http://packetstormsecurity.org/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html" - }, - { - "name" : "56406", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/56406" - }, - { - "name" : "empirecms-template-code-execution(79779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html" + }, + { + "name": "empirecms-template-code-execution(79779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79779" + }, + { + "name": "56406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56406" + }, + { + "name": "20121105 [CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0027.html" + }, + { + "name": "http://packetstormsecurity.com/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5783.json b/2012/5xxx/CVE-2012-5783.json index 9a601a95458..a9b86e8d2bb 100644 --- a/2012/5xxx/CVE-2012-5783.json +++ b/2012/5xxx/CVE-2012-5783.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/HTTPCLIENT-1265" - }, - { - "name" : "RHSA-2013:0270", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0270.html" - }, - { - "name" : "RHSA-2013:0679", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0679.html" - }, - { 
- "name" : "RHSA-2013:0680", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0680.html" - }, - { - "name" : "RHSA-2013:0681", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0681.html" - }, - { - "name" : "RHSA-2013:0682", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0682.html" - }, - { - "name" : "RHSA-2013:1147", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1147.html" - }, - { - "name" : "RHSA-2013:1853", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1853.html" - }, - { - "name" : "RHSA-2014:0224", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0224.html" - }, - { - "name" : "RHSA-2017:0868", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0868" - }, - { - "name" : "openSUSE-SU-2013:0354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html" - }, - { - "name" : "openSUSE-SU-2013:0622", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html" - }, - { - "name" : "openSUSE-SU-2013:0623", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html" - }, - { - "name" : "openSUSE-SU-2013:0638", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html" - }, - { - "name" : "USN-2769-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2769-1" - }, - { - "name" : "58073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58073" - }, - { - "name" : "apache-commons-ssl-spoofing(79984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Commons 
HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0681", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0681.html" + }, + { + "name": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265" + }, + { + "name": "openSUSE-SU-2013:0622", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html" + }, + { + "name": "RHSA-2013:0680", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0680.html" + }, + { + "name": "RHSA-2017:0868", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0868" + }, + { + "name": "openSUSE-SU-2013:0354", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html" + }, + { + "name": "58073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58073" + }, + { + "name": "apache-commons-ssl-spoofing(79984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984" + }, + { + "name": "RHSA-2013:0270", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0270.html" + }, + { + "name": "RHSA-2013:0682", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0682.html" + }, + { + "name": "openSUSE-SU-2013:0638", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html" + }, + { + "name": 
"openSUSE-SU-2013:0623", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html" + }, + { + "name": "RHSA-2013:1853", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + }, + { + "name": "RHSA-2013:0679", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0679.html" + }, + { + "name": "RHSA-2013:1147", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html" + }, + { + "name": "USN-2769-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2769-1" + }, + { + "name": "RHSA-2014:0224", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0224.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2214.json b/2013/2xxx/CVE-2013-2214.json index e611ddbf0af..a82058ce54e 100644 --- a/2013/2xxx/CVE-2013-2214.json +++ b/2013/2xxx/CVE-2013-2214.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130626 CVE request: unauthorized host/service views displayed in servicegroup view", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/619" - }, - { - "name" : "[oss-security] 20130626 Re: CVE request: unauthorized host/service views displayed in servicegroup view", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/622" - }, - { - "name" : "http://tracker.nagios.org/view.php?id=456", - "refsource" : "CONFIRM", - 
"url" : "http://tracker.nagios.org/view.php?id=456" - }, - { - "name" : "openSUSE-SU-2013:1158", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html" - }, - { - "name" : "openSUSE-SU-2013:1160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130626 Re: CVE request: unauthorized host/service views displayed in servicegroup view", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/622" + }, + { + "name": "openSUSE-SU-2013:1158", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html" + }, + { + "name": "[oss-security] 20130626 CVE request: unauthorized host/service views displayed in servicegroup view", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/619" + }, + { + "name": "openSUSE-SU-2013:1160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html" + }, + { + "name": "http://tracker.nagios.org/view.php?id=456", + "refsource": "CONFIRM", + "url": "http://tracker.nagios.org/view.php?id=456" + } + ] + } +} \ No newline at end 
of file diff --git a/2017/11xxx/CVE-2017-11555.json b/2017/11xxx/CVE-2017-11555.json index 71d956f58b6..a248dcd9154 100644 --- a/2017/11xxx/CVE-2017-11555.json +++ b/2017/11xxx/CVE-2017-11555.json 
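Review bot: The new `"ASSIGNER": "secalert@redhat.com",` line for CVE-2013-2214 is a real metadata change sitting inside what is otherwise a respacing pass: the old side had `cve@mitre.org`, and every other record visible in this diff keeps its assigner unchanged. Anything downstream that attributes the record to a CNA or filters on `ASSIGNER` will see it move, so the change should be confirmed as intended and either named in the commit message or landed separately from the formatting. The `reference_data` entries in this hunk are the same five as before in a different order, which makes a one-field change like this easy to miss; emitting references in a stable order would keep future diffs limited to real changes.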
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11555",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11555",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1471782",
- "refsource" : "MISC",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1471782"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1471782",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471782"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11622.json b/2017/11xxx/CVE-2017-11622.json
index c0547991ee3..9af56452c19 100644
--- a/2017/11xxx/CVE-2017-11622.json
+++ b/2017/11xxx/CVE-2017-11622.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11622",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11622",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11709.json b/2017/11xxx/CVE-2017-11709.json
index e600bfb6f76..d5823675c75 100644
--- a/2017/11xxx/CVE-2017-11709.json
+++ b/2017/11xxx/CVE-2017-11709.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11709",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11709",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11757.json b/2017/11xxx/CVE-2017-11757.json
index c7236baccde..eb06c459625 100644
--- a/2017/11xxx/CVE-2017-11757.json
+++ b/2017/11xxx/CVE-2017-11757.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://supportservices.actian.com/support-services/security-center#announcements", - "refsource" : "MISC", - "url" : "http://supportservices.actian.com/support-services/security-center#announcements" - }, - { - "name" : "https://blogs.securiteam.com/index.php/archives/2924", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/2924" - }, - { - "name" : "https://twitter.com/SecuriTeam_SSD/status/815567538318954496", - "refsource" : "MISC", - "url" : "https://twitter.com/SecuriTeam_SSD/status/815567538318954496" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://supportservices.actian.com/support-services/security-center#announcements", + "refsource": "MISC", + "url": "http://supportservices.actian.com/support-services/security-center#announcements" + }, + { + "name": "https://twitter.com/SecuriTeam_SSD/status/815567538318954496", + "refsource": "MISC", + "url": "https://twitter.com/SecuriTeam_SSD/status/815567538318954496" + }, + { + "name": "https://blogs.securiteam.com/index.php/archives/2924", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/2924" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11838.json b/2017/11xxx/CVE-2017-11838.json index 2b7dc28d400..76a8ac6bc77 100644 --- a/2017/11xxx/CVE-2017-11838.json +++ b/2017/11xxx/CVE-2017-11838.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge, Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge, Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838" - }, - { - "name" : "101737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101737" - }, - { - "name" : "1039780", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039780" - }, - { - "name" : "1039781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting 
Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039781" + }, + { + "name": "1039780", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039780" + }, + { + "name": "101737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101737" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14100.json b/2017/14xxx/CVE-2017-14100.json index 777c1d81156..ebce3bb7aaf 100644 --- a/2017/14xxx/CVE-2017-14100.json +++ b/2017/14xxx/CVE-2017-14100.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2017-006.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2017-006.html" - }, - { - "name" : "https://bugs.debian.org/873908", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/873908" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-27103", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27103" - }, - { - "name" : "DSA-3964", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3964" - }, - { - "name" : "GLSA-201710-29", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-29" - }, - { - "name" : "1039252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. 
Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27103", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103" + }, + { + "name": "1039252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039252" + }, + { + "name": "https://bugs.debian.org/873908", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/873908" + }, + { + "name": "GLSA-201710-29", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-29" + }, + { + "name": "DSA-3964", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3964" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2017-006.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14380.json b/2017/14xxx/CVE-2017-14380.json index 016048aa5fd..d5d86b9a737 100644 --- a/2017/14xxx/CVE-2017-14380.json +++ b/2017/14xxx/CVE-2017-14380.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-14380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-14380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x", + "version": { + "version_data": [ + { + "version_value": "EMC Isilon OneFS 8.1.0.0, 8.0.1.0 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, 7.1.1.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Dec/41", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/41" - }, - { - "name" : "102210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://seclists.org/fulldisclosure/2017/Dec/41",
+ "refsource": "CONFIRM",
+ "url": "http://seclists.org/fulldisclosure/2017/Dec/41"
+ },
+ {
+ "name": "102210",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102210"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14644.json b/2017/14xxx/CVE-2017-14644.json
index 7e21f99e616..de8aa610a54 100644
--- a/2017/14xxx/CVE-2017-14644.json
+++ b/2017/14xxx/CVE-2017-14644.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14644",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14644",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_hdlratomap4_hdlratom-ap4hdlratom-cpp/",
- "refsource" : "MISC",
- "url" : "https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_hdlratomap4_hdlratom-ap4hdlratom-cpp/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_hdlratomap4_hdlratom-ap4hdlratom-cpp/",
+ "refsource": "MISC",
+ "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_hdlratomap4_hdlratom-ap4hdlratom-cpp/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14681.json b/2017/14xxx/CVE-2017-14681.json
index 60422633cca..cc3a5fb2f6a 100644
--- a/2017/14xxx/CVE-2017-14681.json
+++ b/2017/14xxx/CVE-2017-14681.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a \"kill `cat /pathname/p3scan.pid`\" command, as demonstrated by etc/init.d/p3scan." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/p3scan/bugs/33/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/p3scan/bugs/33/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script 
executes a \"kill `cat /pathname/p3scan.pid`\" command, as demonstrated by etc/init.d/p3scan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/p3scan/bugs/33/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/p3scan/bugs/33/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14980.json b/2017/14xxx/CVE-2017-14980.json index e37535ef7a1..3432d6323e3 100644 --- a/2017/14xxx/CVE-2017-14980.json +++ b/2017/14xxx/CVE-2017-14980.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14980",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14980",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.com/files/144452/Sync-Breeze-Enterprise-10.0.28-Buffer-Overflow.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/144452/Sync-Breeze-Enterprise-10.0.28-Buffer-Overflow.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/144452/Sync-Breeze-Enterprise-10.0.28-Buffer-Overflow.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/144452/Sync-Breeze-Enterprise-10.0.28-Buffer-Overflow.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15057.json b/2017/15xxx/CVE-2017-15057.json
index 7af8dff1013..563a55a38e0 100644
--- a/2017/15xxx/CVE-2017-15057.json
+++ b/2017/15xxx/CVE-2017-15057.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15057",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15057",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15230.json b/2017/15xxx/CVE-2017-15230.json
index 0c8652a0966..85e90155292 100644
--- a/2017/15xxx/CVE-2017-15230.json
+++ b/2017/15xxx/CVE-2017-15230.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15230",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15230",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15872.json b/2017/15xxx/CVE-2017-15872.json
index d65b82cf206..4f4c4c224d7 100644
--- a/2017/15xxx/CVE-2017-15872.json
+++ b/2017/15xxx/CVE-2017-15872.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15872",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15872",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d"
- },
- {
- "name" : "https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f"
+ },
+ {
+ "name": "https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15873.json b/2017/15xxx/CVE-2017-15873.json
index fb5b763151d..1c4f853b38f 100644
--- a/2017/15xxx/CVE-2017-15873.json
+++ b/2017/15xxx/CVE-2017-15873.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" - }, - { - "name" : "https://bugs.busybox.net/show_bug.cgi?id=10431", - "refsource" : "MISC", - "url" : "https://bugs.busybox.net/show_bug.cgi?id=10431" - }, - { - "name" : "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0", - "refsource" : "MISC", - "url" : "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_next_block function in 
archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0", + "refsource": "MISC", + "url": "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0" + }, + { + "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" + }, + { + "name": "https://bugs.busybox.net/show_bug.cgi?id=10431", + "refsource": "MISC", + "url": "https://bugs.busybox.net/show_bug.cgi?id=10431" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8208.json b/2017/8xxx/CVE-2017-8208.json index e6c028ee98a..095d95bfbfc 100644 --- a/2017/8xxx/CVE-2017-8208.json +++ b/2017/8xxx/CVE-2017-8208.json 
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "DATE_PUBLIC" : "2017-11-15T00:00:00",
- "ID" : "CVE-2017-8208",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "honor 5C,honor 6x",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "buffer overflow"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "DATE_PUBLIC": "2017-11-15T00:00:00",
+ "ID": "CVE-2017-8208",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "honor 5C,honor 6x",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8289.json b/2017/8xxx/CVE-2017-8289.json
index 2da9b6e23d7..e05a3a980b2 100644
--- a/2017/8xxx/CVE-2017-8289.json
+++ b/2017/8xxx/CVE-2017-8289.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/RIOT-OS/RIOT/issues/6840", - "refsource" : "CONFIRM", - "url" : "https://github.com/RIOT-OS/RIOT/issues/6840" - }, - { - "name" : "https://github.com/RIOT-OS/RIOT/pull/6961", - "refsource" : "CONFIRM", - "url" : "https://github.com/RIOT-OS/RIOT/pull/6961" - }, - { - "name" : "https://github.com/RIOT-OS/RIOT/pull/6962", - "refsource" : "CONFIRM", - "url" : "https://github.com/RIOT-OS/RIOT/pull/6962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow 
in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/RIOT-OS/RIOT/issues/6840", + "refsource": "CONFIRM", + "url": "https://github.com/RIOT-OS/RIOT/issues/6840" + }, + { + "name": "https://github.com/RIOT-OS/RIOT/pull/6961", + "refsource": "CONFIRM", + "url": "https://github.com/RIOT-OS/RIOT/pull/6961" + }, + { + "name": "https://github.com/RIOT-OS/RIOT/pull/6962", + "refsource": "CONFIRM", + "url": "https://github.com/RIOT-OS/RIOT/pull/6962" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8302.json b/2017/8xxx/CVE-2017-8302.json index c011ba3fade..af9002f845b 100644 --- a/2017/8xxx/CVE-2017-8302.json +++ b/2017/8xxx/CVE-2017-8302.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/blueriver/MuraCMS/commit/0e387c9454b3c085fe5e7cd876ed746ca16d5308", - "refsource" : "CONFIRM", - "url" : "https://github.com/blueriver/MuraCMS/commit/0e387c9454b3c085fe5e7cd876ed746ca16d5308" - }, - { - "name" : "https://github.com/blueriver/MuraCMS/issues/2577", - "refsource" : "CONFIRM", - "url" : "https://github.com/blueriver/MuraCMS/issues/2577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mura CMS 7.0.6967 allows 
admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/blueriver/MuraCMS/commit/0e387c9454b3c085fe5e7cd876ed746ca16d5308", + "refsource": "CONFIRM", + "url": "https://github.com/blueriver/MuraCMS/commit/0e387c9454b3c085fe5e7cd876ed746ca16d5308" + }, + { + "name": "https://github.com/blueriver/MuraCMS/issues/2577", + "refsource": "CONFIRM", + "url": "https://github.com/blueriver/MuraCMS/issues/2577" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8324.json b/2017/8xxx/CVE-2017-8324.json index 83488ab8a82..da89cf720e8 100644 --- a/2017/8xxx/CVE-2017-8324.json +++ b/2017/8xxx/CVE-2017-8324.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8803.json b/2017/8xxx/CVE-2017-8803.json index 4398bed7f38..35c41bea801 100644 --- a/2017/8xxx/CVE-2017-8803.json +++ b/2017/8xxx/CVE-2017-8803.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a \"Data from Faulting Address controls Code Flow\" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8803", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a \"Data from Faulting Address controls Code Flow\" issue. 
One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8803", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8803" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10091.json b/2018/10xxx/CVE-2018-10091.json index 094d73bce91..613179d20b6 100644 --- a/2018/10xxx/CVE-2018-10091.json +++ b/2018/10xxx/CVE-2018-10091.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10091", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
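Review bot: The added `affects` block for CVE-2018-10091 sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the description added in the next hunk of this file names the vendor, model and firmware version. Tools that match advisories to an asset inventory on the structured fields will not tie this record to the device and must fall back to parsing free text. Consider `"vendor_name": "AudioCodes"`, `"product_name": "IP phone 420HD"` and `"version_value": "2.2.12.126"`, all taken from that description. The same holds for the `problemtype` value `"n/a"` in the following hunk, where the description already says XSS.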
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151115/AudioCode-400HD-Cross-Site-scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151115/AudioCode-400HD-Cross-Site-scripting.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Jan/37", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Jan/37" } ] } diff --git a/2018/12xxx/CVE-2018-12162.json b/2018/12xxx/CVE-2018-12162.json index 81fb25c524f..4cec9f36bc1 100644 --- a/2018/12xxx/CVE-2018-12162.json +++ b/2018/12xxx/CVE-2018-12162.json 
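Review bot: The new description names the 420HD, while the first reference's URL slug reads `AudioCode-400HD-Cross-Site-scripting`, so the affected model scope should be confirmed against the advisory; the free-text description is the only place the product appears in this record. Both added references use `http://` URLs; if the hosts serve the same pages over HTTPS, `"url": "https://seclists.org/fulldisclosure/2019/Jan/37"` and the packetstormsecurity.com equivalent avoid pointing readers at a cleartext fetch. The reference objects also list their keys as `url`, `refsource`, `name`, the reverse of the other records in this commit, which is harmless to parsers but makes later diffs noisier.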
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-12162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) OpenVINO(TM) Toolkit for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "v2018.1.265 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-12162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) OpenVINO(TM) Toolkit for Windows", + "version": { + "version_data": [ + { + "version_value": "v2018.1.265 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12324.json b/2018/12xxx/CVE-2018-12324.json index d84d60d75f1..6c09b56db9e 100644 --- a/2018/12xxx/CVE-2018-12324.json +++ b/2018/12xxx/CVE-2018-12324.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12342.json b/2018/12xxx/CVE-2018-12342.json index edd4b067e09..f18c71f1702 100644 --- a/2018/12xxx/CVE-2018-12342.json +++ b/2018/12xxx/CVE-2018-12342.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12346.json b/2018/12xxx/CVE-2018-12346.json index 35f86e2c7f4..3e8f25c1c50 100644 --- a/2018/12xxx/CVE-2018-12346.json +++ b/2018/12xxx/CVE-2018-12346.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12346", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12346", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12485.json b/2018/12xxx/CVE-2018-12485.json index 7d7b4e0518d..712c33692fa 100644 --- a/2018/12xxx/CVE-2018-12485.json +++ b/2018/12xxx/CVE-2018-12485.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12485", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12485", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13089.json b/2018/13xxx/CVE-2018-13089.json index f60c4553cc7..e07e5130ffb 100644 --- a/2018/13xxx/CVE-2018-13089.json +++ b/2018/13xxx/CVE-2018-13089.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13255.json b/2018/13xxx/CVE-2018-13255.json index 1e5349f6b82..dc1a0c3f1f6 100644 --- a/2018/13xxx/CVE-2018-13255.json +++ b/2018/13xxx/CVE-2018-13255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13262.json b/2018/13xxx/CVE-2018-13262.json index dbef6734f5f..13565aa4e56 100644 --- a/2018/13xxx/CVE-2018-13262.json +++ b/2018/13xxx/CVE-2018-13262.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13262", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13262", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13518.json b/2018/13xxx/CVE-2018-13518.json index 466e3479b90..8aca69181cb 100644 --- a/2018/13xxx/CVE-2018-13518.json +++ b/2018/13xxx/CVE-2018-13518.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TCash", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TCash" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow 
that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TCash", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TCash" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13635.json b/2018/13xxx/CVE-2018-13635.json index f7ab3bcd6db..bd800d6b62a 100644 --- a/2018/13xxx/CVE-2018-13635.json +++ b/2018/13xxx/CVE-2018-13635.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HBCM", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HBCM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that 
allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HBCM", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HBCM" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13954.json b/2018/13xxx/CVE-2018-13954.json index 58fea2ccaec..8acc3973245 100644 --- a/2018/13xxx/CVE-2018-13954.json +++ b/2018/13xxx/CVE-2018-13954.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13954", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13954", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/16xxx/CVE-2018-16107.json b/2018/16xxx/CVE-2018-16107.json index 9bd1ab525ac..fc15a337f48 100644 --- a/2018/16xxx/CVE-2018-16107.json +++ b/2018/16xxx/CVE-2018-16107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16107", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16107", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16283.json b/2018/16xxx/CVE-2018-16283.json index 9a6ed0b85e6..142789bfb9b 100644 --- a/2018/16xxx/CVE-2018-16283.json +++ b/2018/16xxx/CVE-2018-16283.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16283",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16283",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45438",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45438/"
- },
- {
- "name" : "20180920 WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Sep/32"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/9132",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/9132"
- },
- {
- "name" : "https://github.com/springjk/wordpress-wechat-broadcast/issues/14",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/springjk/wordpress-wechat-broadcast/issues/14"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Wechat
Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20180920 WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Sep/32"
+ },
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/9132",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/9132"
+ },
+ {
+ "name": "45438",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45438/"
+ },
+ {
+ "name": "https://github.com/springjk/wordpress-wechat-broadcast/issues/14",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/springjk/wordpress-wechat-broadcast/issues/14"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16496.json b/2018/16xxx/CVE-2018-16496.json
index 640770b6143..91c4c7318ef 100644
--- a/2018/16xxx/CVE-2018-16496.json
+++ b/2018/16xxx/CVE-2018-16496.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16496",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16496",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16966.json b/2018/16xxx/CVE-2018-16966.json
index b2a9b09562f..8d9d7ca1306 100644
--- a/2018/16xxx/CVE-2018-16966.json
+++ b/2018/16xxx/CVE-2018-16966.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16966",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16966",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4029.json b/2018/4xxx/CVE-2018-4029.json
index 96ce4efd815..1dc270ed1a1 100644
--- a/2018/4xxx/CVE-2018-4029.json
+++ b/2018/4xxx/CVE-2018-4029.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4029",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4029",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4162.json b/2018/4xxx/CVE-2018-4162.json
index bff7659f12f..c547f52c58c 100644
--- a/2018/4xxx/CVE-2018-4162.json
+++ b/2018/4xxx/CVE-2018-4162.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4162",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4162",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208693",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208693"
- },
- {
- "name" : "https://support.apple.com/HT208694",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208694"
- },
- {
- "name" : "https://support.apple.com/HT208695",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208695"
- },
- {
- "name" : "https://support.apple.com/HT208696",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208696"
- },
- {
- "name" : "https://support.apple.com/HT208697",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208697"
- },
- {
- "name" : "https://support.apple.com/HT208698",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208698"
- },
- {
- "name" : "GLSA-201808-04",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201808-04"
- },
- {
- "name" : "USN-3635-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3635-1/"
- },
- {
- "name" : "1040604",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040604"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected.
iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1040604",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040604"
+ },
+ {
+ "name": "https://support.apple.com/HT208698",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208698"
+ },
+ {
+ "name": "GLSA-201808-04",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201808-04"
+ },
+ {
+ "name": "https://support.apple.com/HT208696",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208696"
+ },
+ {
+ "name": "https://support.apple.com/HT208693",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208693"
+ },
+ {
+ "name": "https://support.apple.com/HT208694",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208694"
+ },
+ {
+ "name": "https://support.apple.com/HT208697",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208697"
+ },
+ {
+ "name": "USN-3635-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3635-1/"
+ },
+ {
+ "name": "https://support.apple.com/HT208695",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208695"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4326.json b/2018/4xxx/CVE-2018-4326.json
index 4e93eff9256..43674e90d3a 100644
--- a/2018/4xxx/CVE-2018-4326.json
+++ b/2018/4xxx/CVE-2018-4326.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4326",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4326",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4636.json b/2018/4xxx/CVE-2018-4636.json
index 22b6191f298..47a721bf702 100644
--- a/2018/4xxx/CVE-2018-4636.json
+++ b/2018/4xxx/CVE-2018-4636.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4636",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4636",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4927.json b/2018/4xxx/CVE-2018-4927.json
index e657323e984..abe9b24f4a3 100644
--- a/2018/4xxx/CVE-2018-4927.json
+++ b/2018/4xxx/CVE-2018-4927.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4927",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "InDesign 13.0 and below",
- "version" : {
- "version_data" : [
- {
- "version_value" : "InDesign 13.0 and below"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Untrusted Search Path"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4927",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InDesign 13.0 and below",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "InDesign 13.0 and below"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/indesign/apsb18-11.html",
- "refsource" : "MISC",
- "url" : "https://helpx.adobe.com/security/products/indesign/apsb18-11.html"
- },
- {
- "name" : "103716",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103716"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Untrusted Search Path"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/indesign/apsb18-11.html",
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb18-11.html"
+ },
+ {
+ "name": "103716",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103716"
+ }
+ ]
+ }
+}
\ No newline at end of file