From 0b3848e2495a6223450100695f8058343f176476 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:55:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0250.json | 34 ++-- 2003/0xxx/CVE-2003-0392.json | 120 +++++++------- 2003/0xxx/CVE-2003-0872.json | 130 +++++++-------- 2003/1xxx/CVE-2003-1066.json | 160 +++++++++---------- 2003/1xxx/CVE-2003-1526.json | 130 +++++++-------- 2003/1xxx/CVE-2003-1540.json | 170 ++++++++++---------- 2004/0xxx/CVE-2004-0043.json | 180 ++++++++++----------- 2004/0xxx/CVE-2004-0093.json | 170 ++++++++++---------- 2004/0xxx/CVE-2004-0217.json | 140 ++++++++--------- 2004/0xxx/CVE-2004-0770.json | 150 +++++++++--------- 2004/0xxx/CVE-2004-0909.json | 190 +++++++++++----------- 2004/0xxx/CVE-2004-0918.json | 280 ++++++++++++++++----------------- 2004/1xxx/CVE-2004-1545.json | 170 ++++++++++---------- 2004/2xxx/CVE-2004-2213.json | 160 +++++++++---------- 2004/2xxx/CVE-2004-2332.json | 150 +++++++++--------- 2008/2xxx/CVE-2008-2147.json | 160 +++++++++---------- 2008/2xxx/CVE-2008-2263.json | 150 +++++++++--------- 2008/2xxx/CVE-2008-2349.json | 150 +++++++++--------- 2008/2xxx/CVE-2008-2765.json | 160 +++++++++---------- 2008/2xxx/CVE-2008-2903.json | 150 +++++++++--------- 2008/6xxx/CVE-2008-6408.json | 150 +++++++++--------- 2008/6xxx/CVE-2008-6843.json | 140 ++++++++--------- 2012/1xxx/CVE-2012-1264.json | 130 +++++++-------- 2012/1xxx/CVE-2012-1431.json | 130 +++++++-------- 2012/1xxx/CVE-2012-1584.json | 230 +++++++++++++-------------- 2012/1xxx/CVE-2012-1805.json | 130 +++++++-------- 2012/1xxx/CVE-2012-1845.json | 170 ++++++++++---------- 2012/5xxx/CVE-2012-5632.json | 34 ++-- 2012/5xxx/CVE-2012-5851.json | 140 ++++++++--------- 2012/5xxx/CVE-2012-5903.json | 150 +++++++++--------- 2012/5xxx/CVE-2012-5993.json | 34 ++-- 2017/11xxx/CVE-2017-11626.json | 140 ++++++++--------- 2017/11xxx/CVE-2017-11672.json | 120 +++++++------- 2017/11xxx/CVE-2017-11708.json | 34 ++-- 2017/11xxx/CVE-2017-11943.json | 34 ++-- 2017/3xxx/CVE-2017-3187.json | 154 +++++++++--------- 2017/3xxx/CVE-2017-3256.json | 160 +++++++++---------- 2017/3xxx/CVE-2017-3612.json | 132 ++++++++-------- 2017/3xxx/CVE-2017-3676.json | 34 ++-- 2017/3xxx/CVE-2017-3910.json | 34 ++-- 2017/3xxx/CVE-2017-3936.json | 202 ++++++++++++------------ 2017/3xxx/CVE-2017-3991.json | 34 ++-- 2017/7xxx/CVE-2017-7647.json | 120 +++++++------- 2017/7xxx/CVE-2017-7683.json | 122 +++++++------- 2017/8xxx/CVE-2017-8291.json | 210 ++++++++++++------------- 2017/8xxx/CVE-2017-8313.json | 150 +++++++++--------- 2017/8xxx/CVE-2017-8541.json | 150 +++++++++--------- 2017/8xxx/CVE-2017-8798.json | 130 +++++++-------- 2017/8xxx/CVE-2017-8882.json | 34 ++-- 2018/10xxx/CVE-2018-10111.json | 120 +++++++------- 2018/10xxx/CVE-2018-10231.json | 120 +++++++------- 2018/12xxx/CVE-2018-12053.json | 130 +++++++-------- 2018/12xxx/CVE-2018-12207.json | 34 ++-- 2018/12xxx/CVE-2018-12518.json | 34 ++-- 2018/13xxx/CVE-2018-13240.json | 34 ++-- 2018/13xxx/CVE-2018-13298.json | 34 ++-- 2018/13xxx/CVE-2018-13770.json | 130 +++++++-------- 2018/17xxx/CVE-2018-17022.json | 120 +++++++------- 2018/17xxx/CVE-2018-17283.json | 130 +++++++-------- 2018/17xxx/CVE-2018-17417.json | 34 ++-- 2018/17xxx/CVE-2018-17441.json | 150 +++++++++--------- 2018/17xxx/CVE-2018-17832.json | 130 +++++++-------- 62 files changed, 3868 insertions(+), 3868 deletions(-) diff --git a/2003/0xxx/CVE-2003-0250.json b/2003/0xxx/CVE-2003-0250.json index 6d69330b14d..77133f12a80 100644 --- a/2003/0xxx/CVE-2003-0250.json +++ b/2003/0xxx/CVE-2003-0250.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0250", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0250", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0392.json b/2003/0xxx/CVE-2003-0392.json index f03f60b562c..45987c57d73 100644 --- a/2003/0xxx/CVE-2003-0392.json +++ b/2003/0xxx/CVE-2003-0392.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030523 ST FTP Service v3.0: directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105372353017778&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030523 ST FTP Service v3.0: directory traversal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105372353017778&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0872.json b/2003/0xxx/CVE-2003-0872.json index ece30f356e3..109c80444dd 100644 --- a/2003/0xxx/CVE-2003-0872.json +++ b/2003/0xxx/CVE-2003-0872.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-2003-SCO.27", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt" - }, - { - "name" : "8864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8864" + }, + { + "name": "CSSA-2003-SCO.27", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1066.json b/2003/1xxx/CVE-2003-1066.json index f62cbbeb12c..3e42f2c93b0 100644 --- a/2003/1xxx/CVE-2003-1066.json +++ b/2003/1xxx/CVE-2003-1066.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030604 Solaris syslogd overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/324015" - }, - { - "name" : "55440", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55440-1" - }, - { - "name" : "7820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7820" - }, - { - "name" : "8944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8944/" - }, - { - "name" : "sun-syslogd-bo(12194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55440", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55440-1" + }, + { + "name": "sun-syslogd-bo(12194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12194" + }, + { + "name": "20030604 Solaris syslogd overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/324015" + }, + { + "name": "8944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8944/" + }, + { + "name": "7820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7820" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1526.json b/2003/1xxx/CVE-2003-1526.json index 9a729c12ca1..0f5f38082ac 100644 --- a/2003/1xxx/CVE-2003-1526.json +++ b/2003/1xxx/CVE-2003-1526.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) \", (2) ', or (3) > in the search field, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031018 PHP-Nuke Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/341743" - }, - { - "name" : "8848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) \", (2) ', or (3) > in the search field, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8848" + }, + { + "name": "20031018 PHP-Nuke Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/341743" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1540.json b/2003/1xxx/CVE-2003-1540.json index 958c5c3a760..10732c55ae6 100644 --- a/2003/1xxx/CVE-2003-1540.json +++ b/2003/1xxx/CVE-2003-1540.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030319 WF-Chat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/315583/30/25430/threaded" - }, - { - "name" : "7147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7147" - }, - { - "name" : "1006352", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1006352" - }, - { - "name" : "8396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8396" - }, - { - "name" : "3645", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3645" - }, - { - "name" : "wf-chat-plaintext-passwords(11571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1006352", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1006352" + }, + { + "name": "7147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7147" + }, + { + "name": "20030319 WF-Chat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/315583/30/25430/threaded" + }, + { + "name": "8396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8396" + }, + { + "name": "3645", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3645" + }, + { + "name": "wf-chat-plaintext-passwords(11571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11571" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0043.json b/2004/0xxx/CVE-2004-0043.json index a1c41ffe013..77c7588862e 100644 --- a/2004/0xxx/CVE-2004-0043.json +++ b/2004/0xxx/CVE-2004-0043.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107357996802255&w=2" - }, - { - "name" : "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html" - }, - { - "name" : "9383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9383" - }, - { - "name" : "3437", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3437" - }, - { - "name" : "1008651", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008651" - }, - { - "name" : "10573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10573" - }, - { - "name" : "yahoo-messenger-filename-bo(14171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107357996802255&w=2" + }, + { + "name": "10573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10573" + }, + { + "name": "1008651", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008651" + }, + { + "name": "9383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9383" + }, + { + "name": "3437", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3437" + }, + { + "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html" + }, + { + "name": "yahoo-messenger-filename-bo(14171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0093.json b/2004/0xxx/CVE-2004-0093.json index e9b3537f14d..477eda50e0c 100644 --- a/2004/0xxx/CVE-2004-0093.json +++ b/2004/0xxx/CVE-2004-0093.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLSA-2004:824", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824" - }, - { - "name" : "DSA-443", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-443" - }, - { - "name" : "RHSA-2004:152", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-152.html" - }, - { - "name" : "20040406-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" - }, - { - "name" : "9701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9701" - }, - { - "name" : "xfree86-glx-array-dos(15272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-443", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-443" + }, + { + "name": "xfree86-glx-array-dos(15272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" + }, + { + "name": "20040406-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" + }, + { + "name": "9701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9701" + }, + { + "name": "RHSA-2004:152", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" + }, + { + "name": "CLSA-2004:824", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0217.json b/2004/0xxx/CVE-2004-0217.json index 2d02571ff16..150b2f3ab26 100644 --- a/2004/0xxx/CVE-2004-0217.json +++ b/2004/0xxx/CVE-2004-0217.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040216 Possible race condition in Symantec AntiVirus Scan Engine for Red", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107694800908164&w=2" - }, - { - "name" : "symantec-scanengine-race-condition(15215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15215" - }, - { - "name" : "9662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9662" + }, + { + "name": "symantec-scanengine-race-condition(15215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15215" + }, + { + "name": "20040216 Possible race condition in Symantec AntiVirus Scan Engine for Red", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107694800908164&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0770.json b/2004/0xxx/CVE-2004-0770.json index 923689e0512..b5ef06e996d 100644 --- a/2004/0xxx/CVE-2004-0770.json +++ b/2004/0xxx/CVE-2004-0770.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes" - }, - { - "name" : "12214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12214" - }, - { - "name" : "10855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10855" - }, - { - "name" : "dgen-rom-decompression-symlink(16884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes" + }, + { + "name": "dgen-rom-decompression-symlink(16884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16884" + }, + { + "name": "12214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12214" + }, + { + "name": "10855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10855" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0909.json b/2004/0xxx/CVE-2004-0909.json index d48d06e74a9..f8f94ca2ef7 100644 --- a/2004/0xxx/CVE-2004-0909.json +++ b/2004/0xxx/CVE-2004-0909.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=253942" - }, - { - "name" : "GLSA-200409-26", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200409-26.xml" - }, - { - "name" : "SSRT4826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=109698896104418&w=2" - }, - { - "name" : "SUSE-SA:2004:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" - }, - { - "name" : "VU#113192", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/113192" - }, - { - "name" : "12526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12526" - }, - { - "name" : "mozilla-enableprivilege-modify-dialog(17377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=253942" + }, + { + "name": "SUSE-SA:2004:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" + }, + { + "name": "VU#113192", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/113192" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" + }, + { + "name": "GLSA-200409-26", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" + }, + { + "name": "mozilla-enableprivilege-modify-dialog(17377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377" + }, + { + "name": "SSRT4826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109698896104418&w=2" + }, + { + "name": "12526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12526" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0918.json b/2004/0xxx/CVE-2004-0918.json index 26b16035daf..5d4c3eff3b4 100644 --- a/2004/0xxx/CVE-2004-0918.json +++ b/2004/0xxx/CVE-2004-0918.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt" - }, - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt" - }, - { - "name" : "CLA-2005:923", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923" - }, - { - "name" : "FLSA-2006:152809", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "FEDORA-2008-6045", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html" - }, - { - "name" : "GLSA-200410-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml" - }, - { - "name" : "RHSA-2004:591", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-591.html" - }, - { - "name" : "SCOSA-2005.16", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt" - }, - { - "name" : "OpenPKG-SA-2004.048", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=109913064629327&w=2" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "11385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11385" - }, - { - "name" : "oval:org.mitre.oval:def:10931", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931" - }, - { - "name" : "ADV-2008-1969", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1969/references" - }, - { - "name" : "30914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30914" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "squid-snmp-asnparseheader-dos(17688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2005:923", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923" + }, + { + "name": "11385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11385" + }, + { + "name": "SCOSA-2005.16", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt" + }, + { + "name": "RHSA-2004:591", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-591.html" + }, + { + "name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt" + }, + { + "name": "oval:org.mitre.oval:def:10931", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931" + }, + { + "name": "ADV-2008-1969", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1969/references" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "FLSA-2006:152809", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "FEDORA-2008-6045", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html" + }, + { + "name": "OpenPKG-SA-2004.048", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=109913064629327&w=2" + }, + { + "name": "squid-snmp-asnparseheader-dos(17688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688" + }, + { + "name": "30914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30914" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt" + }, + { + "name": "GLSA-200410-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1545.json b/2004/1xxx/CVE-2004-1545.json index b59b2b8dfb6..6557c8a171a 100644 --- a/2004/1xxx/CVE-2004-1545.json +++ b/2004/1xxx/CVE-2004-1545.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041215 STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110314544711884&w=2" - }, - { - "name" : "20041215 STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0448.html" - }, - { - "name" : "http://kldp.net/scm/cvsweb.php/moniwiki/plugin/UploadFile.php.diff?cvsroot=moniwiki&only_with_tag=HEAD&r1=text&tr1=1.17&r2=text&tr2=1.16&f=h", - "refsource" : "CONFIRM", - "url" : "http://kldp.net/scm/cvsweb.php/moniwiki/plugin/UploadFile.php.diff?cvsroot=moniwiki&only_with_tag=HEAD&r1=text&tr1=1.17&r2=text&tr2=1.16&f=h" - }, - { - "name" : "11951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11951" - }, - { - "name" : "13478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13478" - }, - { - "name" : "moniwiki-file-upload(18493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13478" + }, + { + "name": "11951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11951" + }, + { + "name": "20041215 STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0448.html" + }, + { + "name": "http://kldp.net/scm/cvsweb.php/moniwiki/plugin/UploadFile.php.diff?cvsroot=moniwiki&only_with_tag=HEAD&r1=text&tr1=1.17&r2=text&tr2=1.16&f=h", + "refsource": "CONFIRM", + "url": "http://kldp.net/scm/cvsweb.php/moniwiki/plugin/UploadFile.php.diff?cvsroot=moniwiki&only_with_tag=HEAD&r1=text&tr1=1.17&r2=text&tr2=1.16&f=h" + }, + { + "name": "20041215 STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110314544711884&w=2" + }, + { + "name": "moniwiki-file-upload(18493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18493" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2213.json b/2004/2xxx/CVE-2004-2213.json index a63202de1ae..b27876b2fa2 100644 --- a/2004/2xxx/CVE-2004-2213.json +++ b/2004/2xxx/CVE-2004-2213.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (\".\") or (2) trailing space in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html", - "refsource" : "CONFIRM", - "url" : "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html" - }, - { - "name" : "10673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10673" - }, - { - "name" : "7390", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7390" - }, - { - "name" : "12011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12011" - }, - { - "name" : "mbedthis-character-information-disclosure(16636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (\".\") or (2) trailing space in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html", + "refsource": "CONFIRM", + "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html" + }, + { + "name": "7390", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7390" + }, + { + "name": "mbedthis-character-information-disclosure(16636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16636" + }, + { + "name": "12011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12011" + }, + { + "name": "10673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10673" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2332.json b/2004/2xxx/CVE-2004-2332.json index e32d8cd5089..4086a006393 100644 --- a/2004/2xxx/CVE-2004-2332.json +++ b/2004/2xxx/CVE-2004-2332.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/5IP0L2KBPM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5IP0L2KBPM.html" - }, - { - "name" : "9526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9526" - }, - { - "name" : "10751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10751" - }, - { - "name" : "wwwform-xss(14985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/unixfocus/5IP0L2KBPM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5IP0L2KBPM.html" + }, + { + "name": "10751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10751" + }, + { + "name": "9526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9526" + }, + { + "name": "wwwform-xss(14985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14985" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2147.json b/2008/2xxx/CVE-2008-2147.json index 2dc678aa832..349e5ac5ec8 100644 --- a/2008/2xxx/CVE-2008-2147.json +++ b/2008/2xxx/CVE-2008-2147.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" - }, - { - "name" : "http://trac.videolan.org/vlc/ticket/1578", - "refsource" : "CONFIRM", - "url" : "http://trac.videolan.org/vlc/ticket/1578" - }, - { - "name" : "GLSA-200807-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-13.xml" - }, - { - "name" : "31317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31317" - }, - { - "name" : "vlc-searchpath-code-execution(42377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31317" + }, + { + "name": "vlc-searchpath-code-execution(42377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" + }, + { + "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" + }, + { + "name": "http://trac.videolan.org/vlc/ticket/1578", + "refsource": "CONFIRM", + "url": "http://trac.videolan.org/vlc/ticket/1578" + }, + { + "name": "GLSA-200807-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2263.json b/2008/2xxx/CVE-2008-2263.json index 8eb5e3a6a32..ae516409b84 100644 --- a/2008/2xxx/CVE-2008-2263.json +++ b/2008/2xxx/CVE-2008-2263.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5611", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5611" - }, - { - "name" : "29205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29205" - }, - { - "name" : "30243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30243" - }, - { - "name" : "automatedlinkexchange-catid-sql-injection(42401)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5611", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5611" + }, + { + "name": "30243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30243" + }, + { + "name": "automatedlinkexchange-catid-sql-injection(42401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42401" + }, + { + "name": "29205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29205" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2349.json b/2008/2xxx/CVE-2008-2349.json index 7ea458a9fa1..1c571ab0c54 100644 --- a/2008/2xxx/CVE-2008-2349.json +++ b/2008/2xxx/CVE-2008-2349.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5634", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5634" - }, - { - "name" : "29258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29258" - }, - { - "name" : "30062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30062/" - }, - { - "name" : "zomplog-newuser-security-bypass(42476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29258" + }, + { + "name": "zomplog-newuser-security-bypass(42476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42476" + }, + { + "name": "5634", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5634" + }, + { + "name": "30062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30062/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2765.json b/2008/2xxx/CVE-2008-2765.json index 6c268b6d181..dd5ff6aea22 100644 --- a/2008/2xxx/CVE-2008-2765.json +++ b/2008/2xxx/CVE-2008-2765.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2" - }, - { - "name" : "http://bugreport.ir/index.php?/41", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/41" - }, - { - "name" : "29672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29672" - }, - { - "name" : "3950", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3950" - }, - { - "name" : "absoluteimage-gallery-sql-injection(43052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugreport.ir/index.php?/41", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/41" + }, + { + "name": "29672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29672" + }, + { + "name": "absoluteimage-gallery-sql-injection(43052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43052" + }, + { + "name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2" + }, + { + "name": "3950", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3950" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2903.json b/2008/2xxx/CVE-2008-2903.json index 89bce02f712..8f3a72aa822 100644 --- a/2008/2xxx/CVE-2008-2903.json +++ b/2008/2xxx/CVE-2008-2903.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5823", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5823" - }, - { - "name" : "29721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29721" - }, - { - "name" : "30646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30646" - }, - { - "name" : "awbs-news-sql-injection(43110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "awbs-news-sql-injection(43110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43110" + }, + { + "name": "30646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30646" + }, + { + "name": "5823", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5823" + }, + { + "name": "29721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29721" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6408.json b/2008/6xxx/CVE-2008-6408.json index dcd4c3399c9..4fd0e198ae2 100644 --- a/2008/6xxx/CVE-2008-6408.json +++ b/2008/6xxx/CVE-2008-6408.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6547", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6547" - }, - { - "name" : "31348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31348" - }, - { - "name" : "31706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31706" - }, - { - "name" : "olbookmarks-frame-file-include(45367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31706" + }, + { + "name": "olbookmarks-frame-file-include(45367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45367" + }, + { + "name": "31348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31348" + }, + { + "name": "6547", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6547" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6843.json b/2008/6xxx/CVE-2008-6843.json index 3b72130dcfd..b0682b7173d 100644 --- a/2008/6xxx/CVE-2008-6843.json +++ b/2008/6xxx/CVE-2008-6843.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498814/100/0/threaded" - }, - { - "name" : "32578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32578" - }, - { - "name" : "cpanel-index-directory-traversal(46991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpanel-index-directory-traversal(46991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" + }, + { + "name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded" + }, + { + "name": "32578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32578" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1264.json b/2012/1xxx/CVE-2012-1264.json index ffd7604adcc..a2edc4e09a3 100644 --- a/2012/1xxx/CVE-2012-1264.json +++ b/2012/1xxx/CVE-2012-1264.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gom.gomtv.com/gomIntro.html?type=4", - "refsource" : "CONFIRM", - "url" : "http://gom.gomtv.com/gomIntro.html?type=4" - }, - { - "name" : "gommediaplayer-avi-code-exec(74121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gommediaplayer-avi-code-exec(74121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74121" + }, + { + "name": "http://gom.gomtv.com/gomIntro.html?type=4", + "refsource": "CONFIRM", + "url": "http://gom.gomtv.com/gomIntro.html?type=4" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1431.json b/2012/1xxx/CVE-2012-1431.json index 973392eec78..978b28bbdce 100644 --- a/2012/1xxx/CVE-2012-1431.json +++ b/2012/1xxx/CVE-2012-1431.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1584.json b/2012/1xxx/CVE-2012-1584.json index f00965897b1..aad2090febb 100644 --- a/2012/1xxx/CVE-2012-1584.json +++ b/2012/1xxx/CVE-2012-1584.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120305 Re: CVE-Request taglib vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/19" - }, - { - "name" : "[oss-security] 20120321 Re: CVE-Request taglib vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/21/11" - }, - { - "name" : "[oss-security] 20120326 Re: CVE-Request taglib vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/26/4" - }, - { - "name" : "[pipermail] 20120304 multiple security vulnerabilities in taglib", - "refsource" : "MLIST", - "url" : "http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html" - }, - { - "name" : "[pipermail] 20120305 multiple security vulnerabilities in taglib", - "refsource" : "MLIST", - "url" : "http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html" - }, - { - "name" : "https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308", - "refsource" : "CONFIRM", - "url" : "https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308" - }, - { - "name" : "GLSA-201206-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml" - }, - { - "name" : "52290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52290" - }, - { - "name" : "48211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48211" - }, - { - "name" : "49688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49688" - }, - { - "name" : "48792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48792" - }, - { - "name" : "taglib-mid-dos(78909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49688" + }, + { + "name": "taglib-mid-dos(78909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78909" + }, + { + "name": "52290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52290" + }, + { + "name": "48792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48792" + }, + { + "name": "[pipermail] 20120304 multiple security vulnerabilities in taglib", + "refsource": "MLIST", + "url": "http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html" + }, + { + "name": "GLSA-201206-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml" + }, + { + "name": "[pipermail] 20120305 multiple security vulnerabilities in taglib", + "refsource": "MLIST", + "url": "http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html" + }, + { + "name": "[oss-security] 20120326 Re: CVE-Request taglib vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/26/4" + }, + { + "name": "[oss-security] 20120321 Re: CVE-Request taglib vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/21/11" + }, + { + "name": "48211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48211" + }, + { + "name": "https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308", + "refsource": "CONFIRM", + "url": "https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308" + }, + { + "name": "[oss-security] 20120305 Re: CVE-Request taglib vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/05/19" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1805.json b/2012/1xxx/CVE-2012-1805.json index e45b0f0db25..8e4f31d8b0c 100644 --- a/2012/1xxx/CVE-2012-1805.json +++ b/2012/1xxx/CVE-2012-1805.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf" - }, - { - "name" : "koyo-ecom-bo(74875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf" + }, + { + "name": "koyo-ecom-bo(74875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74875" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1845.json b/2012/1xxx/CVE-2012-1845.json index 5c88cbe34ee..14cbcc0bd45 100644 --- a/2012/1xxx/CVE-2012-1845.json +++ b/2012/1xxx/CVE-2012-1845.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated \"it really doesn't matter if it's third-party code.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pwn2own.zerodayinitiative.com/status.html", - "refsource" : "MISC", - "url" : "http://pwn2own.zerodayinitiative.com/status.html" - }, - { - "name" : "http://twitter.com/vupen/statuses/177576000761237505", - "refsource" : "MISC", - "url" : "http://twitter.com/vupen/statuses/177576000761237505" - }, - { - "name" : "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/" - }, - { - "name" : "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588", - "refsource" : "MISC", - "url" : "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588" - }, - { - "name" : "oval:org.mitre.oval:def:14843", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843" - }, - { - "name" : "google-chrome-dep-code-execution(74323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated \"it really doesn't matter if it's third-party code.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pwn2own.zerodayinitiative.com/status.html", + "refsource": "MISC", + "url": "http://pwn2own.zerodayinitiative.com/status.html" + }, + { + "name": "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/" + }, + { + "name": "google-chrome-dep-code-execution(74323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74323" + }, + { + "name": "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588", + "refsource": "MISC", + "url": "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588" + }, + { + "name": "oval:org.mitre.oval:def:14843", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843" + }, + { + "name": "http://twitter.com/vupen/statuses/177576000761237505", + "refsource": "MISC", + "url": "http://twitter.com/vupen/statuses/177576000761237505" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5632.json b/2012/5xxx/CVE-2012-5632.json index f3aac140723..e077c28b778 100644 --- a/2012/5xxx/CVE-2012-5632.json +++ b/2012/5xxx/CVE-2012-5632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5851.json b/2012/5xxx/CVE-2012-5851.json index 2ec678db61a..ff44a569610 100644 --- a/2012/5xxx/CVE-2012-5851.json +++ b/2012/5xxx/CVE-2012-5851.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html", - "refsource" : "MISC", - "url" : "http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=92692", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=92692" - }, - { - "name" : "webkit-webcore-sec-bypass(80072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webkit-webcore-sec-bypass(80072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80072" + }, + { + "name": "http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html", + "refsource": "MISC", + "url": "http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=92692", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=92692" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5903.json b/2012/5xxx/CVE-2012-5903.json index 862d71305c4..962f05663de 100644 --- a/2012/5xxx/CVE-2012-5903.json +++ b/2012/5xxx/CVE-2012-5903.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111356/SMF-2.0.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111356/SMF-2.0.2-Cross-Site-Scripting.html" - }, - { - "name" : "52822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52822" - }, - { - "name" : "80766", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80766" - }, - { - "name" : "simplemachinesforum-index-xss(74521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/111356/SMF-2.0.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111356/SMF-2.0.2-Cross-Site-Scripting.html" + }, + { + "name": "simplemachinesforum-index-xss(74521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74521" + }, + { + "name": "52822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52822" + }, + { + "name": "80766", + "refsource": "OSVDB", + "url": "http://osvdb.org/80766" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5993.json b/2012/5xxx/CVE-2012-5993.json index 2f5d6c9c218..9358127e425 100644 --- a/2012/5xxx/CVE-2012-5993.json +++ b/2012/5xxx/CVE-2012-5993.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5993", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5993", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11626.json b/2017/11xxx/CVE-2017-11626.json index 2f3abcaf761..cb5f7062778 100644 --- a/2017/11xxx/CVE-2017-11626.json +++ b/2017/11xxx/CVE-2017-11626.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html", - "refsource" : "MISC", - "url" : "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html" - }, - { - "name" : "https://github.com/qpdf/qpdf/issues/119", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/issues/119" - }, - { - "name" : "USN-3638-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3638-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html", + "refsource": "MISC", + "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html" + }, + { + "name": "USN-3638-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3638-1/" + }, + { + "name": "https://github.com/qpdf/qpdf/issues/119", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/issues/119" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11672.json b/2017/11xxx/CVE-2017-11672.json index 8f6a7fd8d47..0624ed5c1cc 100644 --- a/2017/11xxx/CVE-2017-11672.json +++ b/2017/11xxx/CVE-2017-11672.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf", - "refsource" : "CONFIRM", - "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf", + "refsource": "CONFIRM", + "url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11708.json b/2017/11xxx/CVE-2017-11708.json index ee1f2502834..39a94fba567 100644 --- a/2017/11xxx/CVE-2017-11708.json +++ b/2017/11xxx/CVE-2017-11708.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11708", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11708", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11943.json b/2017/11xxx/CVE-2017-11943.json index d524ec92579..f8d1120ff71 100644 --- a/2017/11xxx/CVE-2017-11943.json +++ b/2017/11xxx/CVE-2017-11943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3187.json b/2017/3xxx/CVE-2017-3187.json index fb2625ff5d5..0a93aeff025 100644 --- a/2017/3xxx/CVE-2017-3187.json +++ b/2017/3xxx/CVE-2017-3187.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3187", - "STATE" : "PUBLIC", - "TITLE" : "The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Administration Panel", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "3.7.1", - "version_value" : "3.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "docCMS" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to:\n\n[1]SafeDog Penetration and Defense Lab:darong tong\n[2]SafeDog Penetration and Defense Lab:yong cai\n[3]shaohong wu \n\nfor reporting these vulnerabilities." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3187", + "STATE": "PUBLIC", + "TITLE": "The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Administration Panel", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "3.7.1", + "version_value": "3.7.1" + } + ] + } + } + ] + }, + "vendor_name": "docCMS" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#168699", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/168699" - }, - { - "name" : "96616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96616" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to:\n\n[1]SafeDog Penetration and Defense Lab:darong tong\n[2]SafeDog Penetration and Defense Lab:yong cai\n[3]shaohong wu \n\nfor reporting these vulnerabilities." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#168699", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/168699" + }, + { + "name": "96616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96616" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3256.json b/2017/3xxx/CVE-2017-3256.json index fc87378155e..2533f1f3813 100644 --- a/2017/3xxx/CVE-2017-3256.json +++ b/2017/3xxx/CVE-2017-3256.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.7.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.16 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "95486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95486" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "95486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95486" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3612.json b/2017/3xxx/CVE-2017-3612.json index 46789f7550a..612ba842fb3 100644 --- a/2017/3xxx/CVE-2017-3612.json +++ b/2017/3xxx/CVE-2017-3612.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle Berkeley DB", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "6.2.32" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Berkeley DB", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.2.32" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97860" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3676.json b/2017/3xxx/CVE-2017-3676.json index ba1144d9075..cbb3473f6a5 100644 --- a/2017/3xxx/CVE-2017-3676.json +++ b/2017/3xxx/CVE-2017-3676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3910.json b/2017/3xxx/CVE-2017-3910.json index c381b4088cd..5b78d235944 100644 --- a/2017/3xxx/CVE-2017-3910.json +++ b/2017/3xxx/CVE-2017-3910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3936.json b/2017/3xxx/CVE-2017-3936.json index f6b3b0202f7..8024ad3e36d 100644 --- a/2017/3xxx/CVE-2017-3936.json +++ b/2017/3xxx/CVE-2017-3936.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2017-3936", - "STATE" : "PUBLIC", - "TITLE" : "McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ePolicy Orchestrator (ePO)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "x86", - "version_name" : "5.1", - "version_value" : "5.3.3" - }, - { - "affected" : "<", - "platform" : "x86", - "version_name" : "5.3", - "version_value" : "5.3.3" - }, - { - "affected" : "<", - "platform" : "x86", - "version_name" : "5.9", - "version_value" : "5.9.1" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 6.2, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2017-3936", + "STATE": "PUBLIC", + "TITLE": "McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ePolicy Orchestrator (ePO)", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "x86", + "version_name": "5.1", + "version_value": "5.3.3" + }, + { + "affected": "<", + "platform": "x86", + "version_name": "5.3", + "version_value": "5.3.3" + }, + { + "affected": "<", + "platform": "x86", + "version_name": "5.9", + "version_value": "5.9.1" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10227", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10227" - }, - { - "name" : "103155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103155" - } - ] - }, - "source" : { - "advisory" : "SB10227", - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103155" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10227", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10227" + } + ] + }, + "source": { + "advisory": "SB10227", + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3991.json b/2017/3xxx/CVE-2017-3991.json index 4fceac3c4fa..b19ae3289fd 100644 --- a/2017/3xxx/CVE-2017-3991.json +++ b/2017/3xxx/CVE-2017-3991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3991", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3991", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7647.json b/2017/7xxx/CVE-2017-7647.json index 006f6372ad9..0324294f8ae 100644 --- a/2017/7xxx/CVE-2017-7647.json +++ b/2017/7xxx/CVE-2017-7647.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://thwack.solarwinds.com/thread/111223", - "refsource" : "CONFIRM", - "url" : "https://thwack.solarwinds.com/thread/111223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://thwack.solarwinds.com/thread/111223", + "refsource": "CONFIRM", + "url": "https://thwack.solarwinds.com/thread/111223" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7683.json b/2017/7xxx/CVE-2017-7683.json index 02e03896f2e..b8d8ee48947 100644 --- a/2017/7xxx/CVE-2017-7683.json +++ b/2017/7xxx/CVE-2017-7683.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-07-13T00:00:00", - "ID" : "CVE-2017-7683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenMeetings", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-07-13T00:00:00", + "ID": "CVE-2017-7683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenMeetings", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure", - "refsource" : "MLIST", - "url" : "http://markmail.org/message/hint6fp66lijqdvu" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure", + "refsource": "MLIST", + "url": "http://markmail.org/message/hint6fp66lijqdvu" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8291.json b/2017/8xxx/CVE-2017-8291.json index 5c0355b048c..396a3e379fc 100644 --- a/2017/8xxx/CVE-2017-8291.json +++ b/2017/8xxx/CVE-2017-8291.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41955", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41955/" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/04/28/2", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/04/28/2" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697808", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697808" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1446063" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1036453", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1036453" - }, - { - "name" : "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d", - "refsource" : "CONFIRM", - "url" : "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d" - }, - { - "name" : "DSA-3838", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3838" - }, - { - "name" : "GLSA-201708-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-06" - }, - { - "name" : "RHSA-2017:1230", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1230" - }, - { - "name" : "98476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3838", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3838" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1036453", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453" + }, + { + "name": "RHSA-2017:1230", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1230" + }, + { + "name": "98476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98476" + }, + { + "name": "41955", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41955/" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/04/28/2", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/04/28/2" + }, + { + "name": "GLSA-201708-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-06" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063" + }, + { + "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d", + "refsource": "CONFIRM", + "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697808", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8313.json b/2017/8xxx/CVE-2017-8313.json index e0a2c88fe62..606afd06f2a 100644 --- a/2017/8xxx/CVE-2017-8313.json +++ b/2017/8xxx/CVE-2017-8313.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "ID" : "CVE-2017-8313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VLC", - "version" : { - "version_data" : [ - { - "version_value" : "< 2.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "VideoLAN" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)." - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "ID": "CVE-2017-8313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VLC", + "version": { + "version_data": [ + { + "version_value": "< 2.2.5" + } + ] + } + } + ] + }, + "vendor_name": "VideoLAN" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c" - }, - { - "name" : "DSA-3899", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3899" - }, - { - "name" : "GLSA-201707-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-10" - }, - { - "name" : "98633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201707-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-10" + }, + { + "name": "98633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98633" + }, + { + "name": "DSA-3899", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3899" + }, + { + "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8541.json b/2017/8xxx/CVE-2017-8541.json index 40d1d342da8..f03fc294869 100644 --- a/2017/8xxx/CVE-2017-8541.json +++ b/2017/8xxx/CVE-2017-8541.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Malware Protection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", a different vulnerability than CVE-2017-8538 and CVE-2017-8540." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Malware Protection Engine", + "version": { + "version_data": [ + { + "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42092", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42092/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541" - }, - { - "name" : "98710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98710" - }, - { - "name" : "1038571", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", a different vulnerability than CVE-2017-8538 and CVE-2017-8540." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541" + }, + { + "name": "98710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98710" + }, + { + "name": "42092", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42092/" + }, + { + "name": "1038571", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038571" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8798.json b/2017/8xxx/CVE-2017-8798.json index 11619c69628..f93a77edd12 100644 --- a/2017/8xxx/CVE-2017-8798.json +++ b/2017/8xxx/CVE-2017-8798.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gz", - "refsource" : "MISC", - "url" : "http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gz" - }, - { - "name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798", - "refsource" : "MISC", - "url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gz", + "refsource": "MISC", + "url": "http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-2.0.20170509.tar.gz" + }, + { + "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798", + "refsource": "MISC", + "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8882.json b/2017/8xxx/CVE-2017-8882.json index 54d333d5ba2..f6dea22852f 100644 --- a/2017/8xxx/CVE-2017-8882.json +++ b/2017/8xxx/CVE-2017-8882.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8882", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8882", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10111.json b/2018/10xxx/CVE-2018-10111.json index d72712fb389..d499f16ff63 100644 --- a/2018/10xxx/CVE-2018-10111.json +++ b/2018/10xxx/CVE-2018-10111.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/gegl", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/gegl" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xiaoqx/pocs/tree/master/gegl", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/gegl" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10231.json b/2018/10xxx/CVE-2018-10231.json index b1e099a9bb6..842d841873e 100644 --- a/2018/10xxx/CVE-2018-10231.json +++ b/2018/10xxx/CVE-2018-10231.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://page.topdesk.com/cve-2018-10231-and-cve-2018-10232?hs_preview=slNSCcfI-5931819551", - "refsource" : "CONFIRM", - "url" : "https://page.topdesk.com/cve-2018-10231-and-cve-2018-10232?hs_preview=slNSCcfI-5931819551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://page.topdesk.com/cve-2018-10231-and-cve-2018-10232?hs_preview=slNSCcfI-5931819551", + "refsource": "CONFIRM", + "url": "https://page.topdesk.com/cve-2018-10231-and-cve-2018-10232?hs_preview=slNSCcfI-5931819551" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12053.json b/2018/12xxx/CVE-2018-12053.json index 393b303b3f9..4f80deef4c6 100644 --- a/2018/12xxx/CVE-2018-12053.json +++ b/2018/12xxx/CVE-2018-12053.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44870", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44870/" - }, - { - "name" : "https://github.com/unh3x/just4cve/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/unh3x/just4cve/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44870", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44870/" + }, + { + "name": "https://github.com/unh3x/just4cve/issues/6", + "refsource": "MISC", + "url": "https://github.com/unh3x/just4cve/issues/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12207.json b/2018/12xxx/CVE-2018-12207.json index 3ed42b06a91..59c8ce73ea2 100644 --- a/2018/12xxx/CVE-2018-12207.json +++ b/2018/12xxx/CVE-2018-12207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12518.json b/2018/12xxx/CVE-2018-12518.json index 4e557e9081c..bd4d848c0c1 100644 --- a/2018/12xxx/CVE-2018-12518.json +++ b/2018/12xxx/CVE-2018-12518.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12518", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12518", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13240.json b/2018/13xxx/CVE-2018-13240.json index be5dad95aed..a7cec91b6b3 100644 --- a/2018/13xxx/CVE-2018-13240.json +++ b/2018/13xxx/CVE-2018-13240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13298.json b/2018/13xxx/CVE-2018-13298.json index 177681d8b25..cb77626612d 100644 --- a/2018/13xxx/CVE-2018-13298.json +++ b/2018/13xxx/CVE-2018-13298.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13298", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13298", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13770.json b/2018/13xxx/CVE-2018-13770.json index c41ebd949c7..4bb53b81011 100644 --- a/2018/13xxx/CVE-2018-13770.json +++ b/2018/13xxx/CVE-2018-13770.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UltimateCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UltimateCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UltimateCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UltimateCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17022.json b/2018/17xxx/CVE-2018-17022.json index a91ed1df35a..c1b4141ce91 100644 --- a/2018/17xxx/CVE-2018-17022.json +++ b/2018/17xxx/CVE-2018-17022.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list(\"Storage_x_SharedPath\") request, because ej_select_list in router/httpd/web.c uses strcpy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list(\"Storage_x_SharedPath\") request, because ej_select_list in router/httpd/web.c uses strcpy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17283.json b/2018/17xxx/CVE-2018-17283.json index 3056f58a383..36f189e22c9 100644 --- a/2018/17xxx/CVE-2018-17283.json +++ b/2018/17xxx/CVE-2018-17283.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/x-f1v3/ForCve/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/x-f1v3/ForCve/issues/4" - }, - { - "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html", - "refsource" : "MISC", - "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/network-monitoring/help/read-me.html", + "refsource": "MISC", + "url": "https://www.manageengine.com/network-monitoring/help/read-me.html" + }, + { + "name": "https://github.com/x-f1v3/ForCve/issues/4", + "refsource": "MISC", + "url": "https://github.com/x-f1v3/ForCve/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17417.json b/2018/17xxx/CVE-2018-17417.json index 8df211e6812..751f6c7611c 100644 --- a/2018/17xxx/CVE-2018-17417.json +++ b/2018/17xxx/CVE-2018-17417.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17417", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17417", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17441.json b/2018/17xxx/CVE-2018-17441.json index 8799614264d..91b802d24a8 100644 --- a/2018/17xxx/CVE-2018-17441.json +++ b/2018/17xxx/CVE-2018-17441.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45533", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45533/" - }, - { - "name" : "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/11" - }, - { - "name" : "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities" - }, - { - "name" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45533", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45533/" + }, + { + "name": "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities" + }, + { + "name": "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/11" + }, + { + "name": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092", + "refsource": "CONFIRM", + "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17832.json b/2018/17xxx/CVE-2018-17832.json index 02e7b299c5a..1be636c7f39 100644 --- a/2018/17xxx/CVE-2018-17832.json +++ b/2018/17xxx/CVE-2018-17832.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45514", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45514/" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2018050139", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018050139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45514", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45514/" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2018050139", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018050139" + } + ] + } +} \ No newline at end of file