From 03be2d5d0397e303bccf98504cb49b5b29c896a0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 07:02:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0166.json | 170 +++++++------- 2003/0xxx/CVE-2003-0339.json | 140 +++++------ 2003/0xxx/CVE-2003-0461.json | 190 +++++++-------- 2003/1xxx/CVE-2003-1003.json | 120 +++++----- 2003/1xxx/CVE-2003-1201.json | 190 +++++++-------- 2003/1xxx/CVE-2003-1303.json | 140 +++++------ 2003/1xxx/CVE-2003-1479.json | 160 ++++++------- 2004/0xxx/CVE-2004-0149.json | 140 +++++------ 2004/0xxx/CVE-2004-0685.json | 300 ++++++++++++------------ 2004/0xxx/CVE-2004-0720.json | 140 +++++------ 2004/0xxx/CVE-2004-0748.json | 190 +++++++-------- 2004/1xxx/CVE-2004-1905.json | 150 ++++++------ 2004/2xxx/CVE-2004-2019.json | 160 ++++++------- 2004/2xxx/CVE-2004-2355.json | 170 +++++++------- 2004/2xxx/CVE-2004-2378.json | 170 +++++++------- 2004/2xxx/CVE-2004-2526.json | 200 ++++++++-------- 2008/2xxx/CVE-2008-2088.json | 150 ++++++------ 2008/2xxx/CVE-2008-2292.json | 410 ++++++++++++++++----------------- 2008/2xxx/CVE-2008-2537.json | 140 +++++------ 2008/2xxx/CVE-2008-2643.json | 150 ++++++------ 2008/6xxx/CVE-2008-6130.json | 170 +++++++------- 2008/6xxx/CVE-2008-6224.json | 150 ++++++------ 2008/6xxx/CVE-2008-6481.json | 140 +++++------ 2012/1xxx/CVE-2012-1322.json | 34 +-- 2012/1xxx/CVE-2012-1536.json | 34 +-- 2012/1xxx/CVE-2012-1550.json | 34 +-- 2012/1xxx/CVE-2012-1714.json | 120 +++++----- 2012/5xxx/CVE-2012-5004.json | 160 ++++++------- 2012/5xxx/CVE-2012-5051.json | 140 +++++------ 2012/5xxx/CVE-2012-5199.json | 130 +++++------ 2012/5xxx/CVE-2012-5222.json | 130 +++++------ 2012/5xxx/CVE-2012-5349.json | 170 +++++++------- 2012/5xxx/CVE-2012-5702.json | 170 +++++++------- 2017/11xxx/CVE-2017-11194.json | 130 +++++------ 2017/11xxx/CVE-2017-11298.json | 140 +++++------ 2017/11xxx/CVE-2017-11569.json | 130 +++++------ 2017/11xxx/CVE-2017-11738.json | 34 +-- 2017/11xxx/CVE-2017-11856.json | 132 +++++------ 2017/3xxx/CVE-2017-3235.json | 176 +++++++------- 2017/3xxx/CVE-2017-3380.json | 166 ++++++------- 2017/3xxx/CVE-2017-3534.json | 182 +++++++-------- 2017/7xxx/CVE-2017-7084.json | 140 +++++------ 2017/7xxx/CVE-2017-7271.json | 150 ++++++------ 2017/7xxx/CVE-2017-7935.json | 120 +++++----- 2017/8xxx/CVE-2017-8444.json | 120 +++++----- 2017/8xxx/CVE-2017-8532.json | 140 +++++------ 2017/8xxx/CVE-2017-8536.json | 150 ++++++------ 2017/8xxx/CVE-2017-8780.json | 120 +++++----- 2018/10xxx/CVE-2018-10037.json | 34 +-- 2018/10xxx/CVE-2018-10112.json | 130 +++++------ 2018/10xxx/CVE-2018-10370.json | 34 +-- 2018/10xxx/CVE-2018-10750.json | 120 +++++----- 2018/10xxx/CVE-2018-10968.json | 120 +++++----- 2018/12xxx/CVE-2018-12130.json | 34 +-- 2018/12xxx/CVE-2018-12295.json | 34 +-- 2018/12xxx/CVE-2018-12412.json | 240 +++++++++---------- 2018/12xxx/CVE-2018-12705.json | 130 +++++------ 2018/12xxx/CVE-2018-12819.json | 130 +++++------ 2018/13xxx/CVE-2018-13107.json | 34 +-- 2018/13xxx/CVE-2018-13284.json | 34 +-- 2018/13xxx/CVE-2018-13502.json | 130 +++++------ 2018/13xxx/CVE-2018-13620.json | 130 +++++------ 2018/13xxx/CVE-2018-13711.json | 130 +++++------ 2018/13xxx/CVE-2018-13835.json | 34 +-- 2018/17xxx/CVE-2018-17613.json | 130 +++++------ 65 files changed, 4410 insertions(+), 4410 deletions(-) diff --git a/2003/0xxx/CVE-2003-0166.json b/2003/0xxx/CVE-2003-0166.json index 4d834dba041..45bfbacc355 100644 --- a/2003/0xxx/CVE-2003-0166.json +++ b/2003/0xxx/CVE-2003-0166.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104869828526885&w=2" - }, - { - "name" : "20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104878100719467&w=2" - }, - { - "name" : "20030402 Inaccurate Reports Concerning PHP Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104931415307111&w=2" - }, - { - "name" : "CLSA-2003:691", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691" - }, - { - "name" : "7197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7197" - }, - { - "name" : "7198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030402 Inaccurate Reports Concerning PHP Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104931415307111&w=2" + }, + { + "name": "CLSA-2003:691", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691" + }, + { + "name": "20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104878100719467&w=2" + }, + { + "name": "7198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7198" + }, + { + "name": "20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104869828526885&w=2" + }, + { + "name": "7197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7197" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0339.json b/2003/0xxx/CVE-2003-0339.json index f8651a53525..fdf11add720 100644 --- a/2003/0xxx/CVE-2003-0339.json +++ b/2003/0xxx/CVE-2003-0339.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030522 WsMp3d remote exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105361764807746&w=2" - }, - { - "name" : "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105353178019353&w=2" - }, - { - "name" : "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", - "refsource" : "VULNWATCH", - "url" : "http://marc.info/?l=bugtraq&m=105353178019353&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105353178019353&w=2" + }, + { + "name": "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", + "refsource": "VULNWATCH", + "url": "http://marc.info/?l=bugtraq&m=105353178019353&w=2" + }, + { + "name": "20030522 WsMp3d remote exploit.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105361764807746&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0461.json b/2003/0xxx/CVE-2003-0461.json index b4217398128..ef5749f87d4 100644 --- a/2003/0xxx/CVE-2003-0461.json +++ b/2003/0xxx/CVE-2003-0461.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html", - "refsource" : "MISC", - "url" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html" - }, - { - "name" : "RHSA-2003:238", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html" - }, - { - "name" : "RHSA-2004:188", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html" - }, - { - "name" : "DSA-358", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-358" - }, - { - "name" : "DSA-423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-423" - }, - { - "name" : "oval:org.mitre.oval:def:304", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304" - }, - { - "name" : "oval:org.mitre.oval:def:997", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997" - }, - { - "name" : "oval:org.mitre.oval:def:9330", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:238", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html" + }, + { + "name": "DSA-423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-423" + }, + { + "name": "oval:org.mitre.oval:def:304", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304" + }, + { + "name": "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html", + "refsource": "MISC", + "url": "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html" + }, + { + "name": "oval:org.mitre.oval:def:997", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997" + }, + { + "name": "RHSA-2004:188", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-188.html" + }, + { + "name": "DSA-358", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-358" + }, + { + "name": "oval:org.mitre.oval:def:9330", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1003.json b/2003/1xxx/CVE-2003-1003.json index ff64896a928..ca51e76897d 100644 --- a/2003/1xxx/CVE-2003-1003.json +++ b/2003/1xxx/CVE-2003-1003.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031215 Cisco PIX Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031215 Cisco PIX Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1201.json b/2003/1xxx/CVE-2003-1201.json index 0d8e951afb9..e37d96b9ee0 100644 --- a/2003/1xxx/CVE-2003-1201.json +++ b/2003/1xxx/CVE-2003-1201.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openldap.org/its/index.cgi?findid=2390", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi?findid=2390" - }, - { - "name" : "CLSA-2003:685", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685" - }, - { - "name" : "GLSA-200403-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-12.xml" - }, - { - "name" : "7656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7656" - }, - { - "name" : "17000", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17000" - }, - { - "name" : "9203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9203" - }, - { - "name" : "11261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11261" - }, - { - "name" : "openldap-back-ldbm-dos(12520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLSA-2003:685", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685" + }, + { + "name": "17000", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17000" + }, + { + "name": "11261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11261" + }, + { + "name": "GLSA-200403-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-12.xml" + }, + { + "name": "7656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7656" + }, + { + "name": "http://www.openldap.org/its/index.cgi?findid=2390", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi?findid=2390" + }, + { + "name": "9203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9203" + }, + { + "name": "openldap-back-ldbm-dos(12520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1303.json b/2003/1xxx/CVE-2003-1303.json index 47cf549eddf..bb6f1510827 100644 --- a/2003/1xxx/CVE-2003-1303.json +++ b/2003/1xxx/CVE-2003-1303.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2003-1303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" - }, - { - "name" : "http://bugs.php.net/bug.php?id=24150", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=24150" - }, - { - "name" : "oval:org.mitre.oval:def:10346", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.php.net/bug.php?id=24150", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=24150" + }, + { + "name": "oval:org.mitre.oval:def:10346", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1479.json b/2003/1xxx/CVE-2003-1479.json index 98eda0e6987..dde65f109ee 100644 --- a/2003/1xxx/CVE-2003-1479.json +++ b/2003/1xxx/CVE-2003-1479.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/320345" - }, - { - "name" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt", - "refsource" : "MISC", - "url" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt" - }, - { - "name" : "7490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7490" - }, - { - "name" : "3304", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3304" - }, - { - "name" : "webcamxp-multiple-xss(11952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/320345" + }, + { + "name": "7490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7490" + }, + { + "name": "3304", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3304" + }, + { + "name": "http://www.frame4.com/content/advisories/FSA-2003-002.txt", + "refsource": "MISC", + "url": "http://www.frame4.com/content/advisories/FSA-2003-002.txt" + }, + { + "name": "webcamxp-multiple-xss(11952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11952" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0149.json b/2004/0xxx/CVE-2004-0149.json index 7029a7d4def..7e8abf7ed5c 100644 --- a/2004/0xxx/CVE-2004-0149.json +++ b/2004/0xxx/CVE-2004-0149.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-451", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-451" - }, - { - "name" : "9764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9764" - }, - { - "name" : "xboing-bo(15347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xboing-bo(15347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15347" + }, + { + "name": "9764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9764" + }, + { + "name": "DSA-451", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-451" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0685.json b/2004/0xxx/CVE-2004-0685.json index 32d2392aa9e..c579b41ed3d 100644 --- a/2004/0xxx/CVE-2004-0685.json +++ b/2004/0xxx/CVE-2004-0685.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "FLSA:2336", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" - }, - { - "name" : "GLSA-200408-24", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml" - }, - { - "name" : "RHSA-2004:504", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html" - }, - { - "name" : "RHSA-2004:505", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html" - }, - { - "name" : "2004-0041", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0041/" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921" - }, - { - "name" : "VU#981134", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/981134" - }, - { - "name" : "10892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10892" - }, - { - "name" : "oval:org.mitre.oval:def:10665", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665" - }, - { - "name" : "20162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20162" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - }, - { - "name" : "linux-usb-gain-privileges(16931)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16931" - }, - { - "name" : "http://www.securityspace.com/smysecure/catid.html?id=14580", - "refsource" : "MISC", - "url" : "http://www.securityspace.com/smysecure/catid.html?id=14580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "VU#981134", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/981134" + }, + { + "name": "linux-usb-gain-privileges(16931)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16931" + }, + { + "name": "http://www.securityspace.com/smysecure/catid.html?id=14580", + "refsource": "MISC", + "url": "http://www.securityspace.com/smysecure/catid.html?id=14580" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "10892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10892" + }, + { + "name": "FLSA:2336", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921" + }, + { + "name": "GLSA-200408-24", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "20162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20162" + }, + { + "name": "2004-0041", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0041/" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "RHSA-2004:505", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html" + }, + { + "name": "oval:org.mitre.oval:def:10665", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "RHSA-2004:504", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0720.json b/2004/0xxx/CVE-2004-0720.json index 74c6b460cad..f7b74ba718a 100644 --- a/2004/0xxx/CVE-2004-0720.json +++ b/2004/0xxx/CVE-2004-0720.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11978" - }, - { - "name" : "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", - "refsource" : "MISC", - "url" : "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" - }, - { - "name" : "http-frame-spoof(1598)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http-frame-spoof(1598)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" + }, + { + "name": "11978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11978" + }, + { + "name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", + "refsource": "MISC", + "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0748.json b/2004/0xxx/CVE-2004-0748.json index 5a0df70d932..23f61a5118d 100644 --- a/2004/0xxx/CVE-2004-0748.json +++ b/2004/0xxx/CVE-2004-0748.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750" - }, - { - "name" : "GLSA-200409-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml" - }, - { - "name" : "MDKSA-2004:096", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096" - }, - { - "name" : "RHSA-2004:349", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-349.html" - }, - { - "name" : "SUSE-SA:2004:030", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_30_apache2.html" - }, - { - "name" : "2004-0047", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0047/" - }, - { - "name" : "oval:org.mitre.oval:def:11126", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126" - }, - { - "name" : "apache-modssl-dos(17200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2004:030", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_30_apache2.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750" + }, + { + "name": "2004-0047", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0047/" + }, + { + "name": "MDKSA-2004:096", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096" + }, + { + "name": "GLSA-200409-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml" + }, + { + "name": "oval:org.mitre.oval:def:11126", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126" + }, + { + "name": "RHSA-2004:349", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-349.html" + }, + { + "name": "apache-modssl-dos(17200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17200" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1905.json b/2004/1xxx/CVE-2004-1905.json index 624a5d7be0f..4f1c5fe61f0 100644 --- a/2004/1xxx/CVE-2004-1905.json +++ b/2004/1xxx/CVE-2004-1905.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040406 Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108130573130482&w=2" - }, - { - "name" : "http://theinsider.deep-ice.com/texts/advisory53.txt", - "refsource" : "MISC", - "url" : "http://theinsider.deep-ice.com/texts/advisory53.txt" - }, - { - "name" : "10067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10067" - }, - { - "name" : "panda-activescan-ascontrol-dos(15831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "panda-activescan-ascontrol-dos(15831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15831" + }, + { + "name": "20040406 Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108130573130482&w=2" + }, + { + "name": "http://theinsider.deep-ice.com/texts/advisory53.txt", + "refsource": "MISC", + "url": "http://theinsider.deep-ice.com/texts/advisory53.txt" + }, + { + "name": "10067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10067" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2019.json b/2004/2xxx/CVE-2004-2019.json index 34f8313cdb1..b5ae6563ea1 100644 --- a/2004/2xxx/CVE-2004-2019.json +++ b/2004/2xxx/CVE-2004-2019.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108482957715299&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=29", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=29" - }, - { - "name" : "10367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10367" - }, - { - "name" : "11625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11625" - }, - { - "name" : "phpnuke-show-weblink-path-disclosure(16170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=29", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=29" + }, + { + "name": "10367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10367" + }, + { + "name": "20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108482957715299&w=2" + }, + { + "name": "11625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11625" + }, + { + "name": "phpnuke-show-weblink-path-disclosure(16170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16170" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2355.json b/2004/2xxx/CVE-2004-2355.json index 5042654edd2..407ab02bc60 100644 --- a/2004/2xxx/CVE-2004-2355.json +++ b/2004/2xxx/CVE-2004-2355.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040603 Cross-site scripting vulnerability in Crafy Syntax Live Help 2.7.3 and below", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html" - }, - { - "name" : "http://www.craftysyntax.com/CHANGELOG.txt", - "refsource" : "CONFIRM", - "url" : "http://www.craftysyntax.com/CHANGELOG.txt" - }, - { - "name" : "10463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10463" - }, - { - "name" : "6744", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6744" - }, - { - "name" : "11789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11789" - }, - { - "name" : "cslh-chat-name-xss(16321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10463" + }, + { + "name": "http://www.craftysyntax.com/CHANGELOG.txt", + "refsource": "CONFIRM", + "url": "http://www.craftysyntax.com/CHANGELOG.txt" + }, + { + "name": "6744", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6744" + }, + { + "name": "11789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11789" + }, + { + "name": "20040603 Cross-site scripting vulnerability in Crafy Syntax Live Help 2.7.3 and below", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html" + }, + { + "name": "cslh-chat-name-xss(16321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16321" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2378.json b/2004/2xxx/CVE-2004-2378.json index ef5a409145f..e3bfc33c15e 100644 --- a/2004/2xxx/CVE-2004-2378.json +++ b/2004/2xxx/CVE-2004-2378.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "@Mail 3.64 for Windows allows remote attackers to cause a denial of service (\"unusable\" server) via a large number of POP3 connections to the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt" - }, - { - "name" : "9749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9749" - }, - { - "name" : "4068", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4068" - }, - { - "name" : "1009208", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Feb/1009208.html" - }, - { - "name" : "10978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10978" - }, - { - "name" : "atmail-connection-dos(15320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "@Mail 3.64 for Windows allows remote attackers to cause a denial of service (\"unusable\" server) via a large number of POP3 connections to the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt" + }, + { + "name": "atmail-connection-dos(15320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15320" + }, + { + "name": "10978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10978" + }, + { + "name": "9749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9749" + }, + { + "name": "1009208", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Feb/1009208.html" + }, + { + "name": "4068", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4068" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2526.json b/2004/2xxx/CVE-2004-2526.json index d8a7d297139..e7ca50a704c 100644 --- a/2004/2xxx/CVE-2004-2526.json +++ b/2004/2xxx/CVE-2004-2526.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040802 IBM Directory Server - ldacgi.exe", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html" - }, - { - "name" : "http://www.oliverkarow.de/research/IDS_directory_traversal.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/IDS_directory_traversal.txt" - }, - { - "name" : "IR52692", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IR52692" - }, - { - "name" : "IR53631", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631" - }, - { - "name" : "10841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10841" - }, - { - "name" : "8367", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8367" - }, - { - "name" : "1010834", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010834" - }, - { - "name" : "10347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10347" - }, - { - "name" : "tivoli-directory-directory-traversal(16850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IR52692", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IR52692" + }, + { + "name": "1010834", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010834" + }, + { + "name": "10841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10841" + }, + { + "name": "8367", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8367" + }, + { + "name": "20040802 IBM Directory Server - ldacgi.exe", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html" + }, + { + "name": "http://www.oliverkarow.de/research/IDS_directory_traversal.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/IDS_directory_traversal.txt" + }, + { + "name": "tivoli-directory-directory-traversal(16850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16850" + }, + { + "name": "10347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10347" + }, + { + "name": "IR53631", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2088.json b/2008/2xxx/CVE-2008-2088.json index be9e493367b..f37a1c10097 100644 --- a/2008/2xxx/CVE-2008-2088.json +++ b/2008/2xxx/CVE-2008-2088.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5504", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5504" - }, - { - "name" : "28950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28950" - }, - { - "name" : "ADV-2008-1386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1386/references" - }, - { - "name" : "phpforge-admin-sql-injection(42017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5504", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5504" + }, + { + "name": "phpforge-admin-sql-injection(42017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42017" + }, + { + "name": "28950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28950" + }, + { + "name": "ADV-2008-1386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1386/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2292.json b/2008/2xxx/CVE-2008-2292.json index 0d0096c7cc3..879c66cf4d0 100644 --- a/2008/2xxx/CVE-2008-2292.json +++ b/2008/2xxx/CVE-2008-2292.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm" - }, - { - "name" : "DSA-1663", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1663" - }, - { - "name" : "FEDORA-2008-5215", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html" - }, - { - "name" : "FEDORA-2008-5218", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html" - }, - { - "name" : "FEDORA-2008-5224", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html" - }, - { - "name" : "GLSA-200808-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-02.xml" - }, - { - "name" : "MDVSA-2008:118", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118" - }, - { - "name" : "RHSA-2008:0529", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0529.html" - }, - { - "name" : "239785", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1" - }, - { - "name" : "SUSE-SA:2008:039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html" - }, - { - "name" : "USN-685-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-685-1" - }, - { - "name" : "29212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29212" - }, - { - "name" : "oval:org.mitre.oval:def:11261", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261" - }, - { - "name" : "1020527", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020527" - }, - { - "name" : "33003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33003" - }, - { - "name" : "ADV-2008-1528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1528/references" - }, - { - "name" : "ADV-2008-2141", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2141/references" - }, - { - "name" : "ADV-2008-2361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2361" - }, - { - "name" : "30187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30187" - }, - { - "name" : "30647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30647" - }, - { - "name" : "31155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31155" - }, - { - "name" : "31334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31334" - }, - { - "name" : "31351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31351" - }, - { - "name" : "31467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31467" - }, - { - "name" : "31568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31568" - }, - { - "name" : "30615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30615" - }, - { - "name" : "32664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32664" - }, - { - "name" : "netsnmp-snprintvalue-bo(42430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020527", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020527" + }, + { + "name": "30615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30615" + }, + { + "name": "32664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32664" + }, + { + "name": "SUSE-SA:2008:039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html" + }, + { + "name": "30187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30187" + }, + { + "name": "31351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31351" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694" + }, + { + "name": "FEDORA-2008-5215", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html" + }, + { + "name": "31334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31334" + }, + { + "name": "ADV-2008-2141", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2141/references" + }, + { + "name": "30647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30647" + }, + { + "name": "29212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29212" + }, + { + "name": "33003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33003" + }, + { + "name": "ADV-2008-2361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2361" + }, + { + "name": "31568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31568" + }, + { + "name": "31467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31467" + }, + { + "name": "239785", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1" + }, + { + "name": "DSA-1663", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1663" + }, + { + "name": "RHSA-2008:0529", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" + }, + { + "name": "31155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31155" + }, + { + "name": "GLSA-200808-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-02.xml" + }, + { + "name": "netsnmp-snprintvalue-bo(42430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42430" + }, + { + "name": "FEDORA-2008-5218", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html" + }, + { + "name": "FEDORA-2008-5224", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html" + }, + { + "name": "MDVSA-2008:118", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118" + }, + { + "name": "USN-685-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-685-1" + }, + { + "name": "ADV-2008-1528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1528/references" + }, + { + "name": "oval:org.mitre.oval:def:11261", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2537.json b/2008/2xxx/CVE-2008-2537.json index b8ea5b848a2..6356c36b02d 100644 --- a/2008/2xxx/CVE-2008-2537.json +++ b/2008/2xxx/CVE-2008-2537.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5577", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5577" - }, - { - "name" : "29128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29128" - }, - { - "name" : "modelsearch-cat-sql-injection(42312)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29128" + }, + { + "name": "modelsearch-cat-sql-injection(42312)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42312" + }, + { + "name": "5577", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5577" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2643.json b/2008/2xxx/CVE-2008-2643.json index 890aeb96406..d4df3b96379 100644 --- a/2008/2xxx/CVE-2008-2643.json +++ b/2008/2xxx/CVE-2008-2643.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5710", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5710" - }, - { - "name" : "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454" - }, - { - "name" : "30492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30492" - }, - { - "name" : "biblestudy-index-sql-injection(42788)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30492" + }, + { + "name": "5710", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5710" + }, + { + "name": "biblestudy-index-sql-injection(42788)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42788" + }, + { + "name": "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6130.json b/2008/6xxx/CVE-2008-6130.json index ed99a73c92f..a6dc8bd3985 100644 --- a/2008/6xxx/CVE-2008-6130.json +++ b/2008/6xxx/CVE-2008-6130.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080930 [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122278832621348&w=2" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56" - }, - { - "name" : "http://wiki.mozilo.de/index.php?page=Changelog", - "refsource" : "CONFIRM", - "url" : "http://wiki.mozilo.de/index.php?page=Changelog" - }, - { - "name" : "31493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31493" - }, - { - "name" : "32024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32024" - }, - { - "name" : "mozilowiki-index-xss(45527)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080930 [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122278832621348&w=2" + }, + { + "name": "http://wiki.mozilo.de/index.php?page=Changelog", + "refsource": "CONFIRM", + "url": "http://wiki.mozilo.de/index.php?page=Changelog" + }, + { + "name": "32024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32024" + }, + { + "name": "mozilowiki-index-xss(45527)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45527" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56" + }, + { + "name": "31493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31493" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6224.json b/2008/6xxx/CVE-2008-6224.json index 4950ed66657..98269e7eaa3 100644 --- a/2008/6xxx/CVE-2008-6224.json +++ b/2008/6xxx/CVE-2008-6224.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6992", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6992" - }, - { - "name" : "32115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32115" - }, - { - "name" : "32515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32515" - }, - { - "name" : "wotw-visualizza-file-include(46340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32515" + }, + { + "name": "6992", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6992" + }, + { + "name": "32115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32115" + }, + { + "name": "wotw-visualizza-file-include(46340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46340" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6481.json b/2008/6xxx/CVE-2008-6481.json index 15dd25632a1..31cf6c6179c 100644 --- a/2008/6xxx/CVE-2008-6481.json +++ b/2008/6xxx/CVE-2008-6481.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5989", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5989" - }, - { - "name" : "30050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30050" - }, - { - "name" : "versioning-index-sql-injection(43526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30050" + }, + { + "name": "versioning-index-sql-injection(43526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43526" + }, + { + "name": "5989", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5989" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1322.json b/2012/1xxx/CVE-2012-1322.json index 2ec5eac7ee0..2d5e131840f 100644 --- a/2012/1xxx/CVE-2012-1322.json +++ b/2012/1xxx/CVE-2012-1322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1322", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1322", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1536.json b/2012/1xxx/CVE-2012-1536.json index 7f773502f6a..45ae1857dbf 100644 --- a/2012/1xxx/CVE-2012-1536.json +++ b/2012/1xxx/CVE-2012-1536.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1536", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1536", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1550.json b/2012/1xxx/CVE-2012-1550.json index 34dce7da670..a2fc195245a 100644 --- a/2012/1xxx/CVE-2012-1550.json +++ b/2012/1xxx/CVE-2012-1550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1714.json b/2012/1xxx/CVE-2012-1714.json index 950fe9393f3..7b105c71b11 100644 --- a/2012/1xxx/CVE-2012-1714.json +++ b/2012/1xxx/CVE-2012-1714.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5004.json b/2012/5xxx/CVE-2012-5004.json index ebcef6bf8bd..a470b5ccaa9 100644 --- a/2012/5xxx/CVE-2012-5004.json +++ b/2012/5xxx/CVE-2012-5004.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/108972/VL-392.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/108972/VL-392.txt" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=392", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=392" - }, - { - "name" : "78505", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78505" - }, - { - "name" : "47556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47556" - }, - { - "name" : "parallelshsphere-multiple-xss(72628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78505", + "refsource": "OSVDB", + "url": "http://osvdb.org/78505" + }, + { + "name": "http://packetstormsecurity.org/files/view/108972/VL-392.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt" + }, + { + "name": "47556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47556" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=392", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=392" + }, + { + "name": "parallelshsphere-multiple-xss(72628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5051.json b/2012/5xxx/CVE-2012-5051.json index 7e8fc042329..22204773ff6 100644 --- a/2012/5xxx/CVE-2012-5051.json +++ b/2012/5xxx/CVE-2012-5051.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" - }, - { - "name" : "55808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" + }, + { + "name": "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" + }, + { + "name": "55808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55808" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5199.json b/2012/5xxx/CVE-2012-5199.json index 02c34c052da..674b6d8cc20 100644 --- a/2012/5xxx/CVE-2012-5199.json +++ b/2012/5xxx/CVE-2012-5199.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02836", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" - }, - { - "name" : "SSRT101060", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02836", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" + }, + { + "name": "SSRT101060", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5222.json b/2012/5xxx/CVE-2012-5222.json index 011679521e8..d5977e7b1ce 100644 --- a/2012/5xxx/CVE-2012-5222.json +++ b/2012/5xxx/CVE-2012-5222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02872", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875" - }, - { - "name" : "SSRT101185", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101185", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875" + }, + { + "name": "HPSBMU02872", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5349.json b/2012/5xxx/CVE-2012-5349.json index 8fc1ab05011..e97e826c663 100644 --- a/2012/5xxx/CVE-2012-5349.json +++ b/2012/5xxx/CVE-2012-5349.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18330", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18330" - }, - { - "name" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/" - }, - { - "name" : "51308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51308" - }, - { - "name" : "78205", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78205" - }, - { - "name" : "47475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47475" - }, - { - "name" : "paywithtweet-pay-xss(72166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "paywithtweet-pay-xss(72166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72166" + }, + { + "name": "51308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51308" + }, + { + "name": "18330", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18330" + }, + { + "name": "78205", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78205" + }, + { + "name": "47475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47475" + }, + { + "name": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5702.json b/2012/5xxx/CVE-2012-5702.json index fc3742dd038..ebd20cbea76 100644 --- a/2012/5xxx/CVE-2012-5702.json +++ b/2012/5xxx/CVE-2012-5702.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23124", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23124" - }, - { - "name" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/" - }, - { - "name" : "56624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56624" - }, - { - "name" : "87627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87627" - }, - { - "name" : "51332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51332" - }, - { - "name" : "dotproject-index-date-xss(80216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87627", + "refsource": "OSVDB", + "url": "http://osvdb.org/87627" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23124", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23124" + }, + { + "name": "56624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56624" + }, + { + "name": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/" + }, + { + "name": "dotproject-index-date-xss(80216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216" + }, + { + "name": "51332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51332" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11194.json b/2017/11xxx/CVE-2017-11194.json index 03d23b0a04b..c841fa6a11b 100644 --- a/2017/11xxx/CVE-2017-11194.json +++ b/2017/11xxx/CVE-2017-11194.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf", - "refsource" : "MISC", - "url" : "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf" - }, - { - "name" : "https://twitter.com/sxcurity/status/884556905145937921", - "refsource" : "MISC", - "url" : "https://twitter.com/sxcurity/status/884556905145937921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/sxcurity/status/884556905145937921", + "refsource": "MISC", + "url": "https://twitter.com/sxcurity/status/884556905145937921" + }, + { + "name": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf", + "refsource": "MISC", + "url": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11298.json b/2017/11xxx/CVE-2017-11298.json index eb6d713e58b..397e257acf7 100644 --- a/2017/11xxx/CVE-2017-11298.json +++ b/2017/11xxx/CVE-2017-11298.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.6 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.6 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.6 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.6 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" - }, - { - "name" : "101839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101839" - }, - { - "name" : "1039798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101839" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" + }, + { + "name": "1039798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039798" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11569.json b/2017/11xxx/CVE-2017-11569.json index 3a37f5a4039..d535505ec61 100644 --- a/2017/11xxx/CVE-2017-11569.json +++ b/2017/11xxx/CVE-2017-11569.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fontforge/fontforge/issues/3093", - "refsource" : "MISC", - "url" : "https://github.com/fontforge/fontforge/issues/3093" - }, - { - "name" : "DSA-3958", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3958", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3958" + }, + { + "name": "https://github.com/fontforge/fontforge/issues/3093", + "refsource": "MISC", + "url": "https://github.com/fontforge/fontforge/issues/3093" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11738.json b/2017/11xxx/CVE-2017-11738.json index b504552c704..7b20861c7dd 100644 --- a/2017/11xxx/CVE-2017-11738.json +++ b/2017/11xxx/CVE-2017-11738.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11738", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11738", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11856.json b/2017/11xxx/CVE-2017-11856.json index 13f8d9da8da..75bac6daf11 100644 --- a/2017/11xxx/CVE-2017-11856.json +++ b/2017/11xxx/CVE-2017-11856.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11855." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856" - }, - { - "name" : "101753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11855." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856" + }, + { + "name": "101753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101753" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3235.json b/2017/3xxx/CVE-2017-3235.json index 8ffa2f3f301..4e1332f5a11 100644 --- a/2017/3xxx/CVE-2017-3235.json +++ b/2017/3xxx/CVE-2017-3235.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0" - }, - { - "version_value" : "11.4.0" - }, - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.3" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "11.3.0" + }, + { + "version_value": "11.4.0" + }, + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.3" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95555" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95555" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3380.json b/2017/3xxx/CVE-2017-3380.json index e808ba7b83c..d976f96bc5e 100644 --- a/2017/3xxx/CVE-2017-3380.json +++ b/2017/3xxx/CVE-2017-3380.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3534.json b/2017/3xxx/CVE-2017-3534.json index 4ec6ef1af00..2dda6cee139 100644 --- a/2017/3xxx/CVE-2017-3534.json +++ b/2017/3xxx/CVE-2017-3534.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97762" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97762" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7084.json b/2017/7xxx/CVE-2017-7084.json index db093b76a00..b7bb8100704 100644 --- a/2017/7xxx/CVE-2017-7084.json +++ b/2017/7xxx/CVE-2017-7084.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Application Firewall\" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "100993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100993" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Application Firewall\" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100993" + }, + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039427" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7271.json b/2017/7xxx/CVE-2017-7271.json index 1b9658076d7..46d7cda81c5 100644 --- a/2017/7xxx/CVE-2017-7271.json +++ b/2017/7xxx/CVE-2017-7271.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756", - "refsource" : "CONFIRM", - "url" : "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756" - }, - { - "name" : "https://github.com/yiisoft/yii2/pull/13401", - "refsource" : "CONFIRM", - "url" : "https://github.com/yiisoft/yii2/pull/13401" - }, - { - "name" : "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/", - "refsource" : "CONFIRM", - "url" : "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/" - }, - { - "name" : "97167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/", + "refsource": "CONFIRM", + "url": "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/" + }, + { + "name": "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756", + "refsource": "CONFIRM", + "url": "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756" + }, + { + "name": "97167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97167" + }, + { + "name": "https://github.com/yiisoft/yii2/pull/13401", + "refsource": "CONFIRM", + "url": "https://github.com/yiisoft/yii2/pull/13401" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7935.json b/2017/7xxx/CVE-2017-7935.json index 04ae684781d..0eaf57d2759 100644 --- a/2017/7xxx/CVE-2017-7935.json +++ b/2017/7xxx/CVE-2017-7935.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Phoenix Contact GmbH mGuard", - "version" : { - "version_data" : [ - { - "version_value" : "Phoenix Contact GmbH mGuard" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Phoenix Contact GmbH mGuard", + "version": { + "version_data": [ + { + "version_value": "Phoenix Contact GmbH mGuard" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8444.json b/2017/8xxx/CVE-2017-8444.json index 70045fe0bff..d2ac2e991c5 100644 --- a/2017/8xxx/CVE-2017-8444.json +++ b/2017/8xxx/CVE-2017-8444.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elastic Cloud Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 and 1.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-319: Cleartext Transmission of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elastic Cloud Enterprise", + "version": { + "version_data": [ + { + "version_value": "1.0.0 and 1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247", - "refsource" : "MISC", - "url" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247", + "refsource": "MISC", + "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8532.json b/2017/8xxx/CVE-2017-8532.json index 0c814d79790..5a2bb271dc9 100644 --- a/2017/8xxx/CVE-2017-8532.json +++ b/2017/8xxx/CVE-2017-8532.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Graphics", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Graphics", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532" - }, - { - "name" : "98820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98820" - }, - { - "name" : "1038662", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532" + }, + { + "name": "98820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98820" + }, + { + "name": "1038662", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038662" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8536.json b/2017/8xxx/CVE-2017-8536.json index 13c3a87d2e7..9f9f1e249dc 100644 --- a/2017/8xxx/CVE-2017-8536.json +++ b/2017/8xxx/CVE-2017-8536.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Malware Protection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Server" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Malware Protection Engine", + "version": { + "version_data": [ + { + "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42081", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42081/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536" - }, - { - "name" : "98708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98708" - }, - { - "name" : "1038571", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Server" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42081", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42081/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536" + }, + { + "name": "98708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98708" + }, + { + "name": "1038571", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038571" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8780.json b/2017/8xxx/CVE-2017-8780.json index 4a6f16e3051..a538af67b19 100644 --- a/2017/8xxx/CVE-2017-8780.json +++ b/2017/8xxx/CVE-2017-8780.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/74", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/issues/74" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/74", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/issues/74" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10037.json b/2018/10xxx/CVE-2018-10037.json index e85585bb460..e8c25c752b5 100644 --- a/2018/10xxx/CVE-2018-10037.json +++ b/2018/10xxx/CVE-2018-10037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10112.json b/2018/10xxx/CVE-2018-10112.json index af59c3e5ca6..bc984e5361b 100644 --- a/2018/10xxx/CVE-2018-10112.json +++ b/2018/10xxx/CVE-2018-10112.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=795249", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=795249" - }, - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/gegl", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/gegl" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=795249", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=795249" + }, + { + "name": "https://github.com/xiaoqx/pocs/tree/master/gegl", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/gegl" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10370.json b/2018/10xxx/CVE-2018-10370.json index 78b9a329428..3ae817faac1 100644 --- a/2018/10xxx/CVE-2018-10370.json +++ b/2018/10xxx/CVE-2018-10370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10750.json b/2018/10xxx/CVE-2018-10750.json index 14be791c847..bfbe7187290 100644 --- a/2018/10xxx/CVE-2018-10750.json +++ b/2018/10xxx/CVE-2018-10750.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md", - "refsource" : "MISC", - "url" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md", + "refsource": "MISC", + "url": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10968.json b/2018/10xxx/CVE-2018-10968.json index 5ece645f7dd..b083c998837 100644 --- a/2018/10xxx/CVE-2018-10968.json +++ b/2018/10xxx/CVE-2018-10968.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/zeroday/FG-VD-18-061", - "refsource" : "MISC", - "url" : "https://fortiguard.com/zeroday/FG-VD-18-061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/zeroday/FG-VD-18-061", + "refsource": "MISC", + "url": "https://fortiguard.com/zeroday/FG-VD-18-061" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json index de10353a6f7..1cedb5ee93c 100644 --- a/2018/12xxx/CVE-2018-12130.json +++ b/2018/12xxx/CVE-2018-12130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12295.json b/2018/12xxx/CVE-2018-12295.json index 9c0b92e2572..b332fdf3434 100644 --- a/2018/12xxx/CVE-2018-12295.json +++ b/2018/12xxx/CVE-2018-12295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12412.json b/2018/12xxx/CVE-2018-12412.json index 5a6bcadbd88..de732849d4b 100644 --- a/2018/12xxx/CVE-2018-12412.json +++ b/2018/12xxx/CVE-2018-12412.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2018-11-06T17:00:00.000Z", - "ID" : "CVE-2018-12412", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO FTL Realm Server Vulnerable to CSRF Attacks" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO FTL - Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "5.4.0" - } - ] - } - }, - { - "product_name" : "TIBCO FTL - Developer Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "5.4.0" - } - ] - } - }, - { - "product_name" : "TIBCO FTL - Enterprise Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "5.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2018-11-06T17:00:00.000Z", + "ID": "CVE-2018-12412", + "STATE": "PUBLIC", + "TITLE": "TIBCO FTL Realm Server Vulnerable to CSRF Attacks" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO FTL - Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "5.4.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Developer Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "5.4.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Enterprise Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "5.4.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl" - }, - { - "name" : "105861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105861" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO FTL - Community Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Developer Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Enterprise Edition versions 5.4.0 and below update to version 5.4.1 or higher.\n" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl" + }, + { + "name": "105861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105861" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO FTL - Community Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Developer Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Enterprise Edition versions 5.4.0 and below update to version 5.4.1 or higher.\n" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12705.json b/2018/12xxx/CVE-2018-12705.json index b199ae9de19..dcc18f5beb8 100644 --- a/2018/12xxx/CVE-2018-12705.json +++ b/2018/12xxx/CVE-2018-12705.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44935", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44935/" - }, - { - "name" : "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html", - "refsource" : "MISC", - "url" : "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44935", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44935/" + }, + { + "name": "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html", + "refsource": "MISC", + "url": "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12819.json b/2018/12xxx/CVE-2018-12819.json index d655ae7c917..cd0ce4b6e4f 100644 --- a/2018/12xxx/CVE-2018-12819.json +++ b/2018/12xxx/CVE-2018-12819.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions", - "version" : { - "version_data" : [ - { - "version_value" : "4.5.8 and below versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions", + "version": { + "version_data": [ + { + "version_value": "4.5.8 and below versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html" - }, - { - "name" : "105532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html" + }, + { + "name": "105532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105532" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13107.json b/2018/13xxx/CVE-2018-13107.json index 1dfee0b6da9..6dc0d9e54ac 100644 --- a/2018/13xxx/CVE-2018-13107.json +++ b/2018/13xxx/CVE-2018-13107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13284.json b/2018/13xxx/CVE-2018-13284.json index 9a92ed7b610..ace1c4c81cc 100644 --- a/2018/13xxx/CVE-2018-13284.json +++ b/2018/13xxx/CVE-2018-13284.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13284", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13284", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13502.json b/2018/13xxx/CVE-2018-13502.json index bb5fb91178a..f55c4d1fb13 100644 --- a/2018/13xxx/CVE-2018-13502.json +++ b/2018/13xxx/CVE-2018-13502.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13620.json b/2018/13xxx/CVE-2018-13620.json index 9361eac610d..c5388270f1a 100644 --- a/2018/13xxx/CVE-2018-13620.json +++ b/2018/13xxx/CVE-2018-13620.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13711.json b/2018/13xxx/CVE-2018-13711.json index b606ef8625d..5eb786dba50 100644 --- a/2018/13xxx/CVE-2018-13711.json +++ b/2018/13xxx/CVE-2018-13711.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13835.json b/2018/13xxx/CVE-2018-13835.json index 77168dbe9c4..8e1b2fdf5d7 100644 --- a/2018/13xxx/CVE-2018-13835.json +++ b/2018/13xxx/CVE-2018-13835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17613.json b/2018/17xxx/CVE-2018-17613.json index a8d4dde9c41..38173c23e64 100644 --- a/2018/17xxx/CVE-2018-17613.json +++ b/2018/17xxx/CVE-2018-17613.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telegram Desktop (aka tdesktop) 1.3.16 alpha, when \"Use proxy\" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://seclists.org/oss-sec/2018/q3/280", - "refsource" : "MISC", - "url" : "https://seclists.org/oss-sec/2018/q3/280" - }, - { - "name" : "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html", - "refsource" : "MISC", - "url" : "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telegram Desktop (aka tdesktop) 1.3.16 alpha, when \"Use proxy\" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/oss-sec/2018/q3/280", + "refsource": "MISC", + "url": "https://seclists.org/oss-sec/2018/q3/280" + }, + { + "name": "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html", + "refsource": "MISC", + "url": "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html" + } + ] + } +} \ No newline at end of file