diff --git a/2003/0xxx/CVE-2003-0002.json b/2003/0xxx/CVE-2003-0002.json index 151f1c5f51b..bdae7848cff 100644 --- a/2003/0xxx/CVE-2003-0002.json +++ b/2003/0xxx/CVE-2003-0002.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021007 CSS on Microsoft Content Management Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103417794800719&w=2" - }, - { - "name" : "MS03-002", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-002" - }, - { - "name" : "5922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5922" - }, - { - "name" : "mcms-manuallogin-reasontxt-xss (10318)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10318.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5922" + }, + { + "name": "MS03-002", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-002" + }, + { + "name": "20021007 CSS on Microsoft Content Management Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103417794800719&w=2" + }, + { + "name": "mcms-manuallogin-reasontxt-xss (10318)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10318.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1383.json b/2003/1xxx/CVE-2003-1383.json index c60a941d3ec..117ea4202d6 100644 --- a/2003/1xxx/CVE-2003-1383.json +++ b/2003/1xxx/CVE-2003-1383.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030301 web-erp 0.1.4 database access vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313575" - }, - { - "name" : "3257", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3257" - }, - { - "name" : "weberp-logicworks-ini-access(11443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11443" - }, - { - "name" : "6996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weberp-logicworks-ini-access(11443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11443" + }, + { + "name": "3257", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3257" + }, + { + "name": "20030301 web-erp 0.1.4 database access vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313575" + }, + { + "name": "6996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6996" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0162.json b/2004/0xxx/CVE-2004-0162.json index 26fa383566c..ab27847e0ff 100644 --- a/2004/0xxx/CVE-2004-0162.json +++ b/2004/0xxx/CVE-2004-0162.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109517563513776&w=2" - }, - { - "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" - }, - { - "name" : "mime-rfc822-filtering-bypass(17332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040914 Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109517563513776&w=2" + }, + { + "name": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" + }, + { + "name": "mime-rfc822-filtering-bypass(17332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17332" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0202.json b/2004/0xxx/CVE-2004-0202.json index 00ef81c668a..904298f2fa0 100644 --- a/2004/0xxx/CVE-2004-0202.json +++ b/2004/0xxx/CVE-2004-0202.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS04-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-016" - }, - { - "name" : "10487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10487" - }, - { - "name" : "6742", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6742" - }, - { - "name" : "oval:org.mitre.oval:def:1027", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1027" - }, - { - "name" : "oval:org.mitre.oval:def:2190", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2190" - }, - { - "name" : "oval:org.mitre.oval:def:2413", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2413" - }, - { - "name" : "oval:org.mitre.oval:def:2516", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2516" - }, - { - "name" : "oval:org.mitre.oval:def:2705", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2705" - }, - { - "name" : "11802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11802" - }, - { - "name" : "ms-directx-directplay-dos(16306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-directx-directplay-dos(16306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16306" + }, + { + "name": "6742", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6742" + }, + { + "name": "oval:org.mitre.oval:def:2413", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2413" + }, + { + "name": "MS04-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-016" + }, + { + "name": "oval:org.mitre.oval:def:2516", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2516" + }, + { + "name": "oval:org.mitre.oval:def:2190", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2190" + }, + { + "name": "oval:org.mitre.oval:def:1027", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1027" + }, + { + "name": "oval:org.mitre.oval:def:2705", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2705" + }, + { + "name": "10487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10487" + }, + { + "name": "11802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11802" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0397.json b/2004/0xxx/CVE-2004-0397.json index 6f8bc38b82c..275db769b79 100644 --- a/2004/0xxx/CVE-2004-0397.json +++ b/2004/0xxx/CVE-2004-0397.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040519 Advisory 08/2004: Subversion remote vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021737.html" - }, - { - "name" : "20040519 Advisory 08/2004: Subversion remote vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108498676517697&w=2" - }, - { - "name" : "http://security.e-matters.de/advisories/082004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/082004.html" - }, - { - "name" : "http://subversion.tigris.org/svn-sscanf-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.tigris.org/svn-sscanf-advisory.txt" - }, - { - "name" : "FEDORA-2004-128", - "refsource" : "FEDORA", - "url" : "http://www.linuxsecurity.com/advisories/fedora_advisory-4373.html" - }, - { - "name" : "FLSA:1748", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1748" - }, - { - "name" : "GLSA-200405-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml" - }, - { - "name" : "20040519 [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/363814" - }, - { - "name" : "10386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10386" - }, - { - "name" : "6301", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6301" - }, - { - "name" : "11642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11642" - }, - { - "name" : "11675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11675" - }, - { - "name" : "subversion-date-parsing-command-execution(16191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10386" + }, + { + "name": "FLSA:1748", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1748" + }, + { + "name": "20040519 Advisory 08/2004: Subversion remote vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021737.html" + }, + { + "name": "http://subversion.tigris.org/svn-sscanf-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.tigris.org/svn-sscanf-advisory.txt" + }, + { + "name": "20040519 Advisory 08/2004: Subversion remote vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108498676517697&w=2" + }, + { + "name": "20040519 [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/363814" + }, + { + "name": "FEDORA-2004-128", + "refsource": "FEDORA", + "url": "http://www.linuxsecurity.com/advisories/fedora_advisory-4373.html" + }, + { + "name": "GLSA-200405-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml" + }, + { + "name": "6301", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6301" + }, + { + "name": "11675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11675" + }, + { + "name": "subversion-date-parsing-command-execution(16191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16191" + }, + { + "name": "http://security.e-matters.de/advisories/082004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/082004.html" + }, + { + "name": "11642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11642" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0562.json b/2004/0xxx/CVE-2004-0562.json index e86e6290234..a1a71b80dae 100644 --- a/2004/0xxx/CVE-2004-0562.json +++ b/2004/0xxx/CVE-2004-0562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0562", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0562", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0955.json b/2004/0xxx/CVE-2004-0955.json index 00647c98434..833a603a270 100644 --- a/2004/0xxx/CVE-2004-0955.json +++ b/2004/0xxx/CVE-2004-0955.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0955", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0599. Reason: This candidate is a reservation duplicate of CVE-2004-0599 (the first item listed in that candidate). Notes: All CVE users should reference CVE-2004-0599 instead of this candidate. All references and descriptions have been removed from this candidate to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0955", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0599. Reason: This candidate is a reservation duplicate of CVE-2004-0599 (the first item listed in that candidate). Notes: All CVE users should reference CVE-2004-0599 instead of this candidate. All references and descriptions have been removed from this candidate to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1165.json b/2004/1xxx/CVE-2004-1165.json index 1257e7b6cec..f4be3cea7e5 100644 --- a/2004/1xxx/CVE-2004-1165.json +++ b/2004/1xxx/CVE-2004-1165.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041205 7a69Adv#16 - Konqueror FTP command injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110245752232681&w=2" - }, - { - "name" : "DSA-631", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-631" - }, - { - "name" : "GLSA-200501-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" - }, - { - "name" : "MDKSA-2005:045", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" - }, - { - "name" : "RHSA-2005:009", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-009.html" - }, - { - "name" : "RHSA-2005:065", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-065.html" - }, - { - "name" : "oval:org.mitre.oval:def:9645", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" - }, - { - "name" : "web-browser-ftp-command-execution(18384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:065", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-065.html" + }, + { + "name": "GLSA-200501-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" + }, + { + "name": "oval:org.mitre.oval:def:9645", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" + }, + { + "name": "web-browser-ftp-command-execution(18384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" + }, + { + "name": "DSA-631", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-631" + }, + { + "name": "20041205 7a69Adv#16 - Konqueror FTP command injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110245752232681&w=2" + }, + { + "name": "RHSA-2005:009", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-009.html" + }, + { + "name": "MDKSA-2005:045", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1185.json b/2004/1xxx/CVE-2004-1185.json index 71cfb0acbcc..7e172ff5e51 100644 --- a/2004/1xxx/CVE-2004-1185.json +++ b/2004/1xxx/CVE-2004-1185.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060526 rPSA-2006-0083-1 enscript", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435199/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "DSA-654", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-654" - }, - { - "name" : "FLSA:152892", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/419768/100/0/threaded" - }, - { - "name" : "GLSA-200502-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml" - }, - { - "name" : "MDKSA-2005:033", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:033" - }, - { - "name" : "RHSA-2005:040", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-040.html" - }, - { - "name" : "USN-68-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/68-1/" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "12329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12329" - }, - { - "name" : "oval:org.mitre.oval:def:10808", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808" - }, - { - "name" : "1012965", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012965" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "enscript-filename-command-execution(19029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FLSA:152892", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/419768/100/0/threaded" + }, + { + "name": "12329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12329" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "oval:org.mitre.oval:def:10808", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808" + }, + { + "name": "MDKSA-2005:033", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:033" + }, + { + "name": "USN-68-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/68-1/" + }, + { + "name": "1012965", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012965" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "DSA-654", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-654" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "20060526 rPSA-2006-0083-1 enscript", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435199/100/0/threaded" + }, + { + "name": "enscript-filename-command-execution(19029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19029" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "RHSA-2005:040", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-040.html" + }, + { + "name": "GLSA-200502-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1973.json b/2004/1xxx/CVE-2004-1973.json index f405b7904c2..0e1119e69e5 100644 --- a/2004/1xxx/CVE-2004-1973.json +++ b/2004/1xxx/CVE-2004-1973.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \\ (backslash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040427 resources consumption in DiGi WWW Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108311170018203&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=234261", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=234261" - }, - { - "name" : "10228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10228" - }, - { - "name" : "5702", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5702" - }, - { - "name" : "1009957", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/Apr/1009957.html" - }, - { - "name" : "11490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11490" - }, - { - "name" : "digi-www-slash-dos(15987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \\ (backslash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10228" + }, + { + "name": "11490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11490" + }, + { + "name": "5702", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5702" + }, + { + "name": "20040427 resources consumption in DiGi WWW Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108311170018203&w=2" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=234261", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=234261" + }, + { + "name": "digi-www-slash-dos(15987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15987" + }, + { + "name": "1009957", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/Apr/1009957.html" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2017.json b/2004/2xxx/CVE-2004-2017.json index c9082627659..dd5f98736a6 100644 --- a/2004/2xxx/CVE-2004-2017.json +++ b/2004/2xxx/CVE-2004-2017.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 Multiple TTT-C XSS vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108481571131866&w=2" - }, - { - "name" : "http://www.icefire.org/security/ttt-bugreport.txt", - "refsource" : "MISC", - "url" : "http://www.icefire.org/security/ttt-bugreport.txt" - }, - { - "name" : "10359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10359" - }, - { - "name" : "6339", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6339" - }, - { - "name" : "6340", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6340" - }, - { - "name" : "6341", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6341" - }, - { - "name" : "6342", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6342" - }, - { - "name" : "6343", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6343" - }, - { - "name" : "6344", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6344" - }, - { - "name" : "11623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11623" - }, - { - "name" : "turbotraffictraderc-multiple-xss(16164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10359" + }, + { + "name": "11623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11623" + }, + { + "name": "20040517 Multiple TTT-C XSS vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108481571131866&w=2" + }, + { + "name": "6340", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6340" + }, + { + "name": "6341", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6341" + }, + { + "name": "6342", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6342" + }, + { + "name": "turbotraffictraderc-multiple-xss(16164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16164" + }, + { + "name": "6344", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6344" + }, + { + "name": "6339", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6339" + }, + { + "name": "http://www.icefire.org/security/ttt-bugreport.txt", + "refsource": "MISC", + "url": "http://www.icefire.org/security/ttt-bugreport.txt" + }, + { + "name": "6343", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6343" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2517.json b/2004/2xxx/CVE-2004-2517.json index b415d478804..c7b58e21859 100644 --- a/2004/2xxx/CVE-2004-2517.json +++ b/2004/2xxx/CVE-2004-2517.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt", - "refsource" : "MISC", - "url" : "http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=270736", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=270736" - }, - { - "name" : "10333", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10333" - }, - { - "name" : "1011427", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011427" - }, - { - "name" : "12640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12640" - }, - { - "name" : "myserver-http-post-dos(17496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10333", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10333" + }, + { + "name": "myserver-http-post-dos(17496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17496" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=270736", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=270736" + }, + { + "name": "http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt", + "refsource": "MISC", + "url": "http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt" + }, + { + "name": "12640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12640" + }, + { + "name": "1011427", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011427" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2567.json b/2008/2xxx/CVE-2008-2567.json index 01547e0eebe..ed607c56400 100644 --- a/2008/2xxx/CVE-2008-2567.json +++ b/2008/2xxx/CVE-2008-2567.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fenrir.co.jp/sleipnir/note.html", - "refsource" : "CONFIRM", - "url" : "http://www.fenrir.co.jp/sleipnir/note.html" - }, - { - "name" : "JVN#25448394", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN25448394/index.html" - }, - { - "name" : "29555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29555" - }, - { - "name" : "30487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30487" - }, - { - "name" : "sleipnir-favoritesearch-xss(42827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#25448394", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN25448394/index.html" + }, + { + "name": "29555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29555" + }, + { + "name": "30487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30487" + }, + { + "name": "http://www.fenrir.co.jp/sleipnir/note.html", + "refsource": "CONFIRM", + "url": "http://www.fenrir.co.jp/sleipnir/note.html" + }, + { + "name": "sleipnir-favoritesearch-xss(42827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42827" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2734.json b/2008/2xxx/CVE-2008-2734.json index 8ebeda05749..14a19aae883 100644 --- a/2008/2xxx/CVE-2008-2734.json +++ b/2008/2xxx/CVE-2008-2734.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-2734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" - }, - { - "name" : "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" - }, - { - "name" : "30998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30998" - }, - { - "name" : "1020812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020812" - }, - { - "name" : "31730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31730" - }, - { - "name" : "cisco-asa-sslvpn-dos(44868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020812" + }, + { + "name": "cisco-asa-sslvpn-dos(44868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44868" + }, + { + "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" + }, + { + "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" + }, + { + "name": "31730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31730" + }, + { + "name": "30998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30998" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2941.json b/2008/2xxx/CVE-2008-2941.json index 58b2e45228b..2b5c3fc00e7 100644 --- a/2008/2xxx/CVE-2008-2941.json +++ b/2008/2xxx/CVE-2008-2941.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending \"msg=0\" to TCP port 2207." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=457052", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=457052" - }, - { - "name" : "MDVSA-2008:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:169" - }, - { - "name" : "RHSA-2008:0818", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0818.html" - }, - { - "name" : "SUSE-SR:2008:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html" - }, - { - "name" : "USN-674-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-674-1" - }, - { - "name" : "USN-674-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-674-2" - }, - { - "name" : "30683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30683" - }, - { - "name" : "oval:org.mitre.oval:def:10636", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10636" - }, - { - "name" : "1020683", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020683" - }, - { - "name" : "31470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31470" - }, - { - "name" : "31499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31499" - }, - { - "name" : "32316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32316" - }, - { - "name" : "32792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32792" - }, - { - "name" : "hplip-hpssd-dos(44440)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending \"msg=0\" to TCP port 2207." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30683" + }, + { + "name": "hplip-hpssd-dos(44440)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44440" + }, + { + "name": "31470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31470" + }, + { + "name": "MDVSA-2008:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:169" + }, + { + "name": "SUSE-SR:2008:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:10636", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10636" + }, + { + "name": "USN-674-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-674-1" + }, + { + "name": "1020683", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020683" + }, + { + "name": "USN-674-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-674-2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=457052", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457052" + }, + { + "name": "32792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32792" + }, + { + "name": "31499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31499" + }, + { + "name": "32316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32316" + }, + { + "name": "RHSA-2008:0818", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0818.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6200.json b/2008/6xxx/CVE-2008-6200.json index d9c238e0112..31829de7302 100644 --- a/2008/6xxx/CVE-2008-6200.json +++ b/2008/6xxx/CVE-2008-6200.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080407 Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490561/100/0/threaded" - }, - { - "name" : "28680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28680" - }, - { - "name" : "swiki-entry-xss(48839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48839" - }, - { - "name" : "swiki-query-xss(48838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "swiki-entry-xss(48839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48839" + }, + { + "name": "20080407 Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490561/100/0/threaded" + }, + { + "name": "28680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28680" + }, + { + "name": "swiki-query-xss(48838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48838" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6783.json b/2008/6xxx/CVE-2008-6783.json index e3942f224af..381e2488f18 100644 --- a/2008/6xxx/CVE-2008-6783.json +++ b/2008/6xxx/CVE-2008-6783.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6907", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6907" - }, - { - "name" : "32021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32021" - }, - { - "name" : "49552", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/49552" - }, - { - "name" : "32558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32558" - }, - { - "name" : "sfs-directoryphp-sql-injection(46251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32021" + }, + { + "name": "6907", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6907" + }, + { + "name": "49552", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/49552" + }, + { + "name": "32558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32558" + }, + { + "name": "sfs-directoryphp-sql-injection(46251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46251" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1345.json b/2012/1xxx/CVE-2012-1345.json index 48506d75981..965e85af2c0 100644 --- a/2012/1xxx/CVE-2012-1345.json +++ b/2012/1xxx/CVE-2012-1345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1345", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1345", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1952.json b/2012/1xxx/CVE-2012-1952.json index 8a56f99d867..49aa85b7147 100644 --- a/2012/1xxx/CVE-2012-1952.json +++ b/2012/1xxx/CVE-2012-1952.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-44.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-44.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=759249", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=759249" - }, - { - "name" : "RHSA-2012:1088", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1088.html" - }, - { - "name" : "openSUSE-SU-2012:0899", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" - }, - { - "name" : "openSUSE-SU-2012:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0895", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" - }, - { - "name" : "SUSE-SU-2012:0896", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" - }, - { - "name" : "USN-1509-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-1" - }, - { - "name" : "USN-1509-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-2" - }, - { - "name" : "USN-1510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1510-1" - }, - { - "name" : "54578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54578" - }, - { - "name" : "83999", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83999" - }, - { - "name" : "oval:org.mitre.oval:def:16942", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16942" - }, - { - "name" : "1027256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027256" - }, - { - "name" : "1027257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027257" - }, - { - "name" : "1027258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027258" - }, - { - "name" : "49965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49965" - }, - { - "name" : "49972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49972" - }, - { - "name" : "49992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49992" - }, - { - "name" : "49968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49968" - }, - { - "name" : "49977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49977" - }, - { - "name" : "49979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49979" - }, - { - "name" : "49993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49993" - }, - { - "name" : "49994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49977" + }, + { + "name": "49992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49992" + }, + { + "name": "54578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54578" + }, + { + "name": "1027256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027256" + }, + { + "name": "RHSA-2012:1088", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-44.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-44.html" + }, + { + "name": "USN-1509-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-2" + }, + { + "name": "1027258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027258" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=759249", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=759249" + }, + { + "name": "49979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49979" + }, + { + "name": "SUSE-SU-2012:0895", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" + }, + { + "name": "USN-1510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1510-1" + }, + { + "name": "49965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49965" + }, + { + "name": "1027257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027257" + }, + { + "name": "openSUSE-SU-2012:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" + }, + { + "name": "83999", + "refsource": "OSVDB", + "url": "http://osvdb.org/83999" + }, + { + "name": "SUSE-SU-2012:0896", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" + }, + { + "name": "49994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49994" + }, + { + "name": "openSUSE-SU-2012:0899", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" + }, + { + "name": "49968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49968" + }, + { + "name": "USN-1509-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-1" + }, + { + "name": "oval:org.mitre.oval:def:16942", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16942" + }, + { + "name": "49993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49993" + }, + { + "name": "49972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49972" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5160.json b/2012/5xxx/CVE-2012-5160.json index 240dcfe5dc8..0edcb7d31ea 100644 --- a/2012/5xxx/CVE-2012-5160.json +++ b/2012/5xxx/CVE-2012-5160.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5160", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5160", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11481.json b/2017/11xxx/CVE-2017-11481.json index 49d73e8c851..901f478dcfa 100644 --- a/2017/11xxx/CVE-2017-11481.json +++ b/2017/11xxx/CVE-2017-11481.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-11481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.0.1 and 5.6.5" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-11481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "before 6.0.1 and 5.6.5" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11586.json b/2017/11xxx/CVE-2017-11586.json index 243177a5006..fff459ad13d 100644 --- a/2017/11xxx/CVE-2017-11586.json +++ b/2017/11xxx/CVE-2017-11586.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse", - "refsource" : "MISC", - "url" : "http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse", + "refsource": "MISC", + "url": "http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11942.json b/2017/11xxx/CVE-2017-11942.json index 6c65b0334ba..b6976f81011 100644 --- a/2017/11xxx/CVE-2017-11942.json +++ b/2017/11xxx/CVE-2017-11942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15348.json b/2017/15xxx/CVE-2017-15348.json index a2eef4cfe64..07973ebb6d6 100644 --- a/2017/15xxx/CVE-2017-15348.json +++ b/2017/15xxx/CVE-2017-15348.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IPS Module,NGFW Module,NIP6300,NIP6600,Secospace USG6300,Secospace USG6500,Secospace USG6600,USG9500,", - "version" : { - "version_data" : [ - { - "version_value" : "IPS Module V500R001C00,NGFW Module V500R001C00,NIP6300 V500R001C00,NIP6600 V500R001C00,Secospace USG6300 V500R001C00,Secospace USG6500 V500R001C00,Secospace USG6600 V500R001C00,USG9500 V500R001C00," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IPS Module,NGFW Module,NIP6300,NIP6600,Secospace USG6300,Secospace USG6500,Secospace USG6600,USG9500,", + "version": { + "version_data": [ + { + "version_value": "IPS Module V500R001C00,NGFW Module V500R001C00,NIP6300 V500R001C00,NIP6600 V500R001C00,Secospace USG6300 V500R001C00,Secospace USG6500 V500R001C00,Secospace USG6600 V500R001C00,USG9500 V500R001C00," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15880.json b/2017/15xxx/CVE-2017-15880.json index 68bd021903d..d5788c9556b 100644 --- a/2017/15xxx/CVE-2017-15880.json +++ b/2017/15xxx/CVE-2017-15880.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php%20SQLi", - "refsource" : "MISC", - "url" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php%20SQLi" - }, - { - "name" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php-update_group-SQL%20injection%20vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php-update_group-SQL%20injection%20vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php-update_group-SQL%20injection%20vulnerability", + "refsource": "MISC", + "url": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php-update_group-SQL%20injection%20vulnerability" + }, + { + "name": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php%20SQLi", + "refsource": "MISC", + "url": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php%20SQLi" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15985.json b/2017/15xxx/CVE-2017-15985.json index 02fd9d24b73..6a3efc8af99 100644 --- a/2017/15xxx/CVE-2017-15985.json +++ b/2017/15xxx/CVE-2017-15985.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43074", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43074/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43074", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43074/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3081.json b/2017/3xxx/CVE-2017-3081.json index 1d0d7b71da8..8cb542cb9f8 100644 --- a/2017/3xxx/CVE-2017-3081.json +++ b/2017/3xxx/CVE-2017-3081.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.171 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.171 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.171 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1439" - }, - { - "name" : "99023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99023" - }, - { - "name" : "1038655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" + }, + { + "name": "99023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99023" + }, + { + "name": "1038655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038655" + }, + { + "name": "RHSA-2017:1439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1439" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3478.json b/2017/3xxx/CVE-2017-3478.json index d6c87956065..3b0758f3cb0 100644 --- a/2017/3xxx/CVE-2017-3478.json +++ b/2017/3xxx/CVE-2017-3478.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Private Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97800" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97800" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3720.json b/2017/3xxx/CVE-2017-3720.json index f3fb7d08f44..3ef2dc77189 100644 --- a/2017/3xxx/CVE-2017-3720.json +++ b/2017/3xxx/CVE-2017-3720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3770.json b/2017/3xxx/CVE-2017-3770.json index 06b06f9b5b9..b2f4a9feb08 100644 --- a/2017/3xxx/CVE-2017-3770.json +++ b/2017/3xxx/CVE-2017-3770.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2017-09-21T00:00:00", - "ID" : "CVE-2017-3770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo XClarity Administrator (LXCA)", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 1.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2017-09-21T00:00:00", + "ID": "CVE-2017-3770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo XClarity Administrator (LXCA)", + "version": { + "version_data": [ + { + "version_value": "Earlier than 1.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-16333", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-16333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-16333", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-16333" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8406.json b/2017/8xxx/CVE-2017-8406.json index 33b3ea18dee..29f7c950515 100644 --- a/2017/8xxx/CVE-2017-8406.json +++ b/2017/8xxx/CVE-2017-8406.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8406", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8406", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8439.json b/2017/8xxx/CVE-2017-8439.json index 9eeaac9d306..2d717b3329d 100644 --- a/2017/8xxx/CVE-2017-8439.json +++ b/2017/8xxx/CVE-2017-8439.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana", - "version" : { - "version_data" : [ - { - "version_value" : "5.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "5.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952" - }, - { - "name" : "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released" + }, + { + "name": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952" + }, + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10462.json b/2018/10xxx/CVE-2018-10462.json index 9060d42b59f..e5ed01df111 100644 --- a/2018/10xxx/CVE-2018-10462.json +++ b/2018/10xxx/CVE-2018-10462.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12399.json b/2018/12xxx/CVE-2018-12399.json index 84d78cfd9c1..431b80b1f22 100644 --- a/2018/12xxx/CVE-2018-12399.json +++ b/2018/12xxx/CVE-2018-12399.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing of protocol registration notification bar" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1490276", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1490276" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "USN-3801-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3801-1/" - }, - { - "name" : "105721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105721" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing of protocol registration notification bar" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "105721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105721" + }, + { + "name": "USN-3801-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3801-1/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490276", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490276" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12569.json b/2018/12xxx/CVE-2018-12569.json index 185515c3156..07cb2b83b53 100644 --- a/2018/12xxx/CVE-2018-12569.json +++ b/2018/12xxx/CVE-2018-12569.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12781.json b/2018/12xxx/CVE-2018-12781.json index cd55c0cce12..9857ee3c5b5 100644 --- a/2018/12xxx/CVE-2018-12781.json +++ b/2018/12xxx/CVE-2018-12781.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12786.json b/2018/12xxx/CVE-2018-12786.json index 4784185259c..c1135c5afe3 100644 --- a/2018/12xxx/CVE-2018-12786.json +++ b/2018/12xxx/CVE-2018-12786.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12802.json b/2018/12xxx/CVE-2018-12802.json index 7916c162e9c..802875d3c9e 100644 --- a/2018/12xxx/CVE-2018-12802.json +++ b/2018/12xxx/CVE-2018-12802.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104704" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104704" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12999.json b/2018/12xxx/CVE-2018-12999.json index e5e788faa8c..564ea6787f4 100644 --- a/2018/12xxx/CVE-2018-12999.json +++ b/2018/12xxx/CVE-2018-12999.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180720 [CVE-2018-12999]Zoho manageengine Desktop Central Arbitrary File Deletion", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/74" - }, - { - "name" : "https://github.com/unh3x/just4cve/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/unh3x/just4cve/issues/9" - }, - { - "name" : "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-035", - "refsource" : "MISC", - "url" : "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-035" - }, - { - "name" : "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html" + }, + { + "name": "https://github.com/unh3x/just4cve/issues/9", + "refsource": "MISC", + "url": "https://github.com/unh3x/just4cve/issues/9" + }, + { + "name": "20180720 [CVE-2018-12999]Zoho manageengine Desktop Central Arbitrary File Deletion", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/74" + }, + { + "name": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-035", + "refsource": "MISC", + "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-035" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13165.json b/2018/13xxx/CVE-2018-13165.json index 18fbf8dbadf..b1dd52f73ee 100644 --- a/2018/13xxx/CVE-2018-13165.json +++ b/2018/13xxx/CVE-2018-13165.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13335.json b/2018/13xxx/CVE-2018-13335.json index 45dcb7d0ec2..bc2b0054ecc 100644 --- a/2018/13xxx/CVE-2018-13335.json +++ b/2018/13xxx/CVE-2018-13335.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13457.json b/2018/13xxx/CVE-2018-13457.json index e112aa99e05..2a82bf4bdb3 100644 --- a/2018/13xxx/CVE-2018-13457.json +++ b/2018/13xxx/CVE-2018-13457.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45082", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45082/" - }, - { - "name" : "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab", - "refsource" : "MISC", - "url" : "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab" - }, - { - "name" : "https://knowledge.opsview.com/v5.3/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.3/docs/whats-new" - }, - { - "name" : "https://knowledge.opsview.com/v5.4/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.4/docs/whats-new" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://knowledge.opsview.com/v5.4/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" + }, + { + "name": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab", + "refsource": "MISC", + "url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab" + }, + { + "name": "45082", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45082/" + }, + { + "name": "https://knowledge.opsview.com/v5.3/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13941.json b/2018/13xxx/CVE-2018-13941.json index 8f4473f7059..a788991c648 100644 --- a/2018/13xxx/CVE-2018-13941.json +++ b/2018/13xxx/CVE-2018-13941.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13941", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13941", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13966.json b/2018/13xxx/CVE-2018-13966.json index 78e4c9ff0d7..dcc35cc5c71 100644 --- a/2018/13xxx/CVE-2018-13966.json +++ b/2018/13xxx/CVE-2018-13966.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13966", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13966", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13992.json b/2018/13xxx/CVE-2018-13992.json index df7a29eb5a2..41d359f8969 100644 --- a/2018/13xxx/CVE-2018-13992.json +++ b/2018/13xxx/CVE-2018-13992.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13992", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13992", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16199.json b/2018/16xxx/CVE-2018-16199.json index 0b87e6c90e4..277f7ab2c07 100644 --- a/2018/16xxx/CVE-2018-16199.json +++ b/2018/16xxx/CVE-2018-16199.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", - "version" : { - "version_data" : [ - { - "version_value" : "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Toshiba Lighting & Technology Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm", - "refsource" : "MISC", - "url" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" - }, - { - "name" : "JVN#99810718", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN99810718/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#99810718", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + }, + { + "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm", + "refsource": "MISC", + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16672.json b/2018/16xxx/CVE-2018-16672.json index 4d8f06bb5ce..604c03a2fd4 100644 --- a/2018/16xxx/CVE-2018-16672.json +++ b/2018/16xxx/CVE-2018-16672.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45384", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45384/" - }, - { - "name" : "https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life", - "refsource" : "MISC", - "url" : "https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45384", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45384/" + }, + { + "name": "https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life", + "refsource": "MISC", + "url": "https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16757.json b/2018/16xxx/CVE-2018-16757.json index 966cd5a92b9..c6c87e3943e 100644 --- a/2018/16xxx/CVE-2018-16757.json +++ b/2018/16xxx/CVE-2018-16757.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16757", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16757", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17149.json b/2018/17xxx/CVE-2018-17149.json index ba6ec1baea3..60daa876c08 100644 --- a/2018/17xxx/CVE-2018-17149.json +++ b/2018/17xxx/CVE-2018-17149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17341.json b/2018/17xxx/CVE-2018-17341.json index d619f70e3ab..8e7d4d6f58b 100644 --- a/2018/17xxx/CVE-2018-17341.json +++ b/2018/17xxx/CVE-2018-17341.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\\ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/345", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\\ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/345", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/345" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17508.json b/2018/17xxx/CVE-2018-17508.json index 18ddd4f51e7..e8af095a149 100644 --- a/2018/17xxx/CVE-2018-17508.json +++ b/2018/17xxx/CVE-2018-17508.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17508", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17508", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file