diff --git a/2004/0xxx/CVE-2004-0128.json b/2004/0xxx/CVE-2004-0128.json index a9e11a92de7..17797320d75 100644 --- a/2004/0xxx/CVE-2004-0128.json +++ b/2004/0xxx/CVE-2004-0128.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/352355" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=141517", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=141517" - }, - { - "name" : "9531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9531" - }, - { - "name" : "3769", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3769" - }, - { - "name" : "10753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10753/" - }, - { - "name" : "phpgedview-gedfilconf-file-include(14987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/352355" + }, + { + "name": "10753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10753/" + }, + { + "name": "phpgedview-gedfilconf-file-include(14987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14987" + }, + { + "name": "9531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9531" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=141517", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=141517" + }, + { + "name": "3769", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3769" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0460.json b/2004/0xxx/CVE-2004-0460.json index a0db5052e36..41ef48d4344 100644 --- a/2004/0xxx/CVE-2004-0460.json +++ b/2004/0xxx/CVE-2004-0460.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040628 ISC DHCP overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108843959502356&w=2" - }, - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" - }, - { - "name" : "MDKSA-2004:061", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:061" - }, - { - "name" : "TA04-174A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-174A.html" - }, - { - "name" : "VU#317350", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/317350" - }, - { - "name" : "20040622 DHCP Vuln // no code 0day //", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108795911203342&w=2" - }, - { - "name" : "SuSE-SA:2004:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html" - }, - { - "name" : "20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108938625206063&w=2" - }, - { - "name" : "10590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10590" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - }, - { - "name" : "dhcp-ascii-log-bo(16475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#317350", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/317350" + }, + { + "name": "10590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10590" + }, + { + "name": "MDKSA-2004:061", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:061" + }, + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "20040622 DHCP Vuln // no code 0day //", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108795911203342&w=2" + }, + { + "name": "20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108938625206063&w=2" + }, + { + "name": "SuSE-SA:2004:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html" + }, + { + "name": "dhcp-ascii-log-bo(16475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16475" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" + }, + { + "name": "TA04-174A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-174A.html" + }, + { + "name": "20040628 ISC DHCP overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108843959502356&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0464.json b/2004/0xxx/CVE-2004-0464.json index eef56c75b04..49d5b4622d8 100644 --- a/2004/0xxx/CVE-2004-0464.json +++ b/2004/0xxx/CVE-2004-0464.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0464", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0464", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0892.json b/2004/0xxx/CVE-2004-0892.json index 9a24f336bd9..31cf638808f 100644 --- a/2004/0xxx/CVE-2004-0892.json +++ b/2004/0xxx/CVE-2004-0892.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS04-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039" - }, - { - "name" : "11605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11605" - }, - { - "name" : "oval:org.mitre.oval:def:4264", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264" - }, - { - "name" : "oval:org.mitre.oval:def:4859", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859" - }, - { - "name" : "isa-cache-reverse-spoof(17906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:4264", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264" + }, + { + "name": "oval:org.mitre.oval:def:4859", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859" + }, + { + "name": "isa-cache-reverse-spoof(17906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17906" + }, + { + "name": "11605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11605" + }, + { + "name": "MS04-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1384.json b/2004/1xxx/CVE-2004-1384.json index d6b459be0af..70176d43650 100644 --- a/2004/1xxx/CVE-2004-1384.json +++ b/2004/1xxx/CVE-2004-1384.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110312656029072&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00054-12142004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00054-12142004" - }, - { - "name" : "GLSA-200501-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml" - }, - { - "name" : "11952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11952" - }, - { - "name" : "phpgroupware-index-preferences-xss(18496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpgroupware-index-preferences-xss(18496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18496" + }, + { + "name": "20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110312656029072&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00054-12142004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00054-12142004" + }, + { + "name": "11952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11952" + }, + { + "name": "GLSA-200501-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1912.json b/2004/1xxx/CVE-2004-1912.json index 1064e82d5de..b59b709ba1e 100644 --- a/2004/1xxx/CVE-2004-1912.json +++ b/2004/1xxx/CVE-2004-1912.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040408 [waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108144168932458&w=2" - }, - { - "name" : "10082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10082" - }, - { - "name" : "nuke-calendar-path-disclosure(15795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10082" + }, + { + "name": "nuke-calendar-path-disclosure(15795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15795" + }, + { + "name": "20040408 [waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108144168932458&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1960.json b/2004/1xxx/CVE-2004-1960.json index 85a2ead1c8b..569ddb99cc6 100644 --- a/2004/1xxx/CVE-2004-1960.json +++ b/2004/1xxx/CVE-2004-1960.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040423 [waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=25", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=25" - }, - { - "name" : "http://protector.warcenter.se/article-53--0-0.html", - "refsource" : "CONFIRM", - "url" : "http://protector.warcenter.se/article-53--0-0.html" - }, - { - "name" : "10206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10206" - }, - { - "name" : "protector-blockerquery-xss(15965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040423 [waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0" + }, + { + "name": "10206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10206" + }, + { + "name": "protector-blockerquery-xss(15965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15965" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=25", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=25" + }, + { + "name": "http://protector.warcenter.se/article-53--0-0.html", + "refsource": "CONFIRM", + "url": "http://protector.warcenter.se/article-53--0-0.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2229.json b/2004/2xxx/CVE-2004-2229.json index a77170fddf7..2b7998c1343 100644 --- a/2004/2xxx/CVE-2004-2229.json +++ b/2004/2xxx/CVE-2004-2229.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf" - }, - { - "name" : "9704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9704" - }, - { - "name" : "4022", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4022" - }, - { - "name" : "10938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10938" - }, - { - "name" : "oracle-mobile-gain-access(15269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4022", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4022" + }, + { + "name": "10938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10938" + }, + { + "name": "9704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9704" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf" + }, + { + "name": "oracle-mobile-gain-access(15269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15269" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2431.json b/2004/2xxx/CVE-2004-2431.json index 7be0bdf116b..e695700210b 100644 --- a/2004/2xxx/CVE-2004-2431.json +++ b/2004/2xxx/CVE-2004-2431.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=381807", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=381807" - }, - { - "name" : "10525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10525" - }, - { - "name" : "6844", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6844" - }, - { - "name" : "11824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11824" - }, - { - "name" : "ignition-server-password-bypass(16397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10525" + }, + { + "name": "11824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11824" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=381807", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=381807" + }, + { + "name": "ignition-server-password-bypass(16397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16397" + }, + { + "name": "6844", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6844" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2620.json b/2004/2xxx/CVE-2004-2620.json index 62912ff183a..ee8cb7c903f 100644 --- a/2004/2xxx/CVE-2004-2620.json +++ b/2004/2xxx/CVE-2004-2620.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing \"\\r\" and \"\\n\" characters in headers, which leads to a buffer underflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pldaniels.com/ripmime/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.pldaniels.com/ripmime/CHANGELOG" - }, - { - "name" : "8731", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing \"\\r\" and \"\\n\" characters in headers, which leads to a buffer underflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8731", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8731" + }, + { + "name": "http://www.pldaniels.com/ripmime/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.pldaniels.com/ripmime/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2240.json b/2008/2xxx/CVE-2008-2240.json index 58c7e0fee58..f45f82ad32d 100644 --- a/2008/2xxx/CVE-2008-2240.json +++ b/2008/2xxx/CVE-2008-2240.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf", - "refsource" : "MISC", - "url" : "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21303057", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21303057" - }, - { - "name" : "20080522 Who's Right", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-May/001988.html" - }, - { - "name" : "20080522 Who's Right", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-May/001989.html" - }, - { - "name" : "29310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29310" - }, - { - "name" : "1020098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020098" - }, - { - "name" : "ADV-2008-1597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1597" - }, - { - "name" : "30310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30310" - }, - { - "name" : "30332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30332" - }, - { - "name" : "ibm-lotusdomino-acceptlanguage-bo(42552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080522 Who's Right", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-May/001988.html" + }, + { + "name": "ADV-2008-1597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1597" + }, + { + "name": "30310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30310" + }, + { + "name": "20080522 Who's Right", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-May/001989.html" + }, + { + "name": "30332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30332" + }, + { + "name": "ibm-lotusdomino-acceptlanguage-bo(42552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552" + }, + { + "name": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf", + "refsource": "MISC", + "url": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057" + }, + { + "name": "29310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29310" + }, + { + "name": "1020098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020098" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2297.json b/2008/2xxx/CVE-2008-2297.json index ab0a42adc37..da2e91f3aba 100644 --- a/2008/2xxx/CVE-2008-2297.json +++ b/2008/2xxx/CVE-2008-2297.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to \"\", which is present in the password file and probably passes an insufficient comparison." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5628", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5628" - }, - { - "name" : "29243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29243" - }, - { - "name" : "30279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30279" - }, - { - "name" : "rantx-admin-auth-bypass(42464)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to \"\", which is present in the password file and probably passes an insufficient comparison." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rantx-admin-auth-bypass(42464)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42464" + }, + { + "name": "29243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29243" + }, + { + "name": "30279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30279" + }, + { + "name": "5628", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5628" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3410.json b/2008/3xxx/CVE-2008-3410.json index cfa3476cb3b..8bf4243be0f 100644 --- a/2008/3xxx/CVE-2008-3410.json +++ b/2008/3xxx/CVE-2008-3410.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080729 Memory corruption and NULL pointer in Unreal Tournament III 1.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494929/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/ut3mendo-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ut3mendo-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/ut3mendo.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/ut3mendo.zip" - }, - { - "name" : "30430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30430" - }, - { - "name" : "ADV-2008-2260", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2260/references" - }, - { - "name" : "31265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31265" - }, - { - "name" : "unrealtournament3-sizefield-dos(44104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/ut3mendo-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ut3mendo-adv.txt" + }, + { + "name": "http://aluigi.org/poc/ut3mendo.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/ut3mendo.zip" + }, + { + "name": "unrealtournament3-sizefield-dos(44104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44104" + }, + { + "name": "ADV-2008-2260", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2260/references" + }, + { + "name": "20080729 Memory corruption and NULL pointer in Unreal Tournament III 1.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494929/100/0/threaded" + }, + { + "name": "30430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30430" + }, + { + "name": "31265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31265" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3637.json b/2008/3xxx/CVE-2008-3637.json index 5fb412b6b95..64dfaf065de 100644 --- a/2008/3xxx/CVE-2008-3637.json +++ b/2008/3xxx/CVE-2008-3637.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an \"error checking issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3178", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3178" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" - }, - { - "name" : "31379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31379" - }, - { - "name" : "1020943", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020943" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "java-macos-hmac-code-execution(45396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an \"error checking issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "java-macos-hmac-code-execution(45396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45396" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "31379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31379" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" + }, + { + "name": "http://support.apple.com/kb/HT3178", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3178" + }, + { + "name": "1020943", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020943" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6018.json b/2008/6xxx/CVE-2008-6018.json index db4f698a6a0..5f22b71b2e0 100644 --- a/2008/6xxx/CVE-2008-6018.json +++ b/2008/6xxx/CVE-2008-6018.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7519", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7519" - }, - { - "name" : "32919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32919" - }, - { - "name" : "33171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7519", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7519" + }, + { + "name": "33171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33171" + }, + { + "name": "32919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32919" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6348.json b/2008/6xxx/CVE-2008-6348.json index 54a5a9c7830..67cbb894636 100644 --- a/2008/6xxx/CVE-2008-6348.json +++ b/2008/6xxx/CVE-2008-6348.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7016", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7016" - }, - { - "name" : "32145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32145" - }, - { - "name" : "32593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32593" - }, - { - "name" : "photogallery-multiple-sql-injection(46400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32145" + }, + { + "name": "32593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32593" + }, + { + "name": "photogallery-multiple-sql-injection(46400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46400" + }, + { + "name": "7016", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7016" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6511.json b/2008/6xxx/CVE-2008-6511.json index 50ecba9d0ea..740e9dfbff4 100644 --- a/2008/6xxx/CVE-2008-6511.json +++ b/2008/6xxx/CVE-2008-6511.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498162/100/0/threaded" - }, - { - "name" : "7075", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7075" - }, - { - "name" : "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt", - "refsource" : "MISC", - "url" : "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7075", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7075" + }, + { + "name": "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt", + "refsource": "MISC", + "url": "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt" + }, + { + "name": "20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498162/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6524.json b/2008/6xxx/CVE-2008-6524.json index 192b6d23c4a..868afcc6ef4 100644 --- a/2008/6xxx/CVE-2008-6524.json +++ b/2008/6xxx/CVE-2008-6524.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5466", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5466" - }, - { - "name" : "28854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28854" - }, - { - "name" : "openinvoice-cookie-security-bypass(41947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41947" - }, - { - "name" : "openinvoice-uid-security-bypass(49580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5466", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5466" + }, + { + "name": "openinvoice-cookie-security-bypass(41947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41947" + }, + { + "name": "openinvoice-uid-security-bypass(49580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49580" + }, + { + "name": "28854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28854" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7028.json b/2008/7xxx/CVE-2008-7028.json index d38f109d2ad..d1df8a9a920 100644 --- a/2008/7xxx/CVE-2008-7028.json +++ b/2008/7xxx/CVE-2008-7028.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6591", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6591" - }, - { - "name" : "31466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31466" - }, - { - "name" : "rpgboard-keep4u-security-bypass(45501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rpgboard-keep4u-security-bypass(45501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45501" + }, + { + "name": "31466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31466" + }, + { + "name": "6591", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6591" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7178.json b/2008/7xxx/CVE-2008-7178.json index 85250a32dc9..dd5def7b7cc 100644 --- a/2008/7xxx/CVE-2008-7178.json +++ b/2008/7xxx/CVE-2008-7178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5756", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5756" - }, - { - "name" : "29600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29600" - }, - { - "name" : "uploader-filename-file-include(42925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5756", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5756" + }, + { + "name": "uploader-filename-file-include(42925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42925" + }, + { + "name": "29600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29600" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7217.json b/2008/7xxx/CVE-2008-7217.json index 1cba490790a..997b48fbfde 100644 --- a/2008/7xxx/CVE-2008-7217.json +++ b/2008/7xxx/CVE-2008-7217.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "948488", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;EN-US;948488" - }, - { - "name" : "44959", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "948488", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;EN-US;948488" + }, + { + "name": "44959", + "refsource": "OSVDB", + "url": "http://osvdb.org/44959" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5039.json b/2012/5xxx/CVE-2012-5039.json index 377439b1e3f..4aa1ea97467 100644 --- a/2012/5xxx/CVE-2012-5039.json +++ b/2012/5xxx/CVE-2012-5039.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-5039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/release/notes/ol_20679.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/release/notes/ol_20679.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/release/notes/ol_20679.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/release/notes/ol_20679.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5069.json b/2012/5xxx/CVE-2012-5069.json index 7f10374d16b..ee3fa467bee 100644 --- a/2012/5xxx/CVE-2012-5069.json +++ b/2012/5xxx/CVE-2012-5069.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "RHSA-2012:1385", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1385.html" - }, - { - "name" : "RHSA-2012:1386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2012:1423", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "SUSE-SU-2012:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" - }, - { - "name" : "56065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56065" - }, - { - "name" : "oval:org.mitre.oval:def:16685", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16685" - }, - { - "name" : "51028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51028" - }, - { - "name" : "51029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51029" - }, - { - "name" : "51141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51141" - }, - { - "name" : "51315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51315" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51328" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "51166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51166" - }, - { - "name" : "javaruntimeenvironment-cc-cve20125069(79428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "javaruntimeenvironment-cc-cve20125069(79428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79428" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "RHSA-2012:1386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" + }, + { + "name": "51315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51315" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "51141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51141" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "openSUSE-SU-2012:1423", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "51029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51029" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "51166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51166" + }, + { + "name": "56065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56065" + }, + { + "name": "oval:org.mitre.oval:def:16685", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16685" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" + }, + { + "name": "SUSE-SU-2012:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "RHSA-2012:1465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html" + }, + { + "name": "51328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51328" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "51028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51028" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "RHSA-2012:1385", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1385.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11020.json b/2017/11xxx/CVE-2017-11020.json index c48f27f3714..40101beb8f1 100644 --- a/2017/11xxx/CVE-2017-11020.json +++ b/2017/11xxx/CVE-2017-11020.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11020", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11020", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11189.json b/2017/11xxx/CVE-2017-11189.json index 15071a3b082..fe43167821e 100644 --- a/2017/11xxx/CVE-2017-11189.json +++ b/2017/11xxx/CVE-2017-11189.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/0x09AL/my-exploits/tree/master/pocs/unrar-free/dos", - "refsource" : "MISC", - "url" : "https://github.com/0x09AL/my-exploits/tree/master/pocs/unrar-free/dos" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/0x09AL/my-exploits/tree/master/pocs/unrar-free/dos", + "refsource": "MISC", + "url": "https://github.com/0x09AL/my-exploits/tree/master/pocs/unrar-free/dos" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11444.json b/2017/11xxx/CVE-2017-11444.json index 4cf45b393b1..71309544d20 100644 --- a/2017/11xxx/CVE-2017-11444.json +++ b/2017/11xxx/CVE-2017-11444.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/intelliants/subrion/issues/479", - "refsource" : "CONFIRM", - "url" : "https://github.com/intelliants/subrion/issues/479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/intelliants/subrion/issues/479", + "refsource": "CONFIRM", + "url": "https://github.com/intelliants/subrion/issues/479" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11770.json b/2017/11xxx/CVE-2017-11770.json index 59f59e24eb7..25b4df98b63 100644 --- a/2017/11xxx/CVE-2017-11770.json +++ b/2017/11xxx/CVE-2017-11770.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : ".NET Core", - "version" : { - "version_data" : [ - { - "version_value" : ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" - }, - { - "name" : "RHSA-2017:3248", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3248" - }, - { - "name" : "101710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101710" - }, - { - "name" : "1039787", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039787", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039787" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" + }, + { + "name": "RHSA-2017:3248", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3248" + }, + { + "name": "101710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101710" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11932.json b/2017/11xxx/CVE-2017-11932.json index ad939b94912..7b1567ed056 100644 --- a/2017/11xxx/CVE-2017-11932.json +++ b/2017/11xxx/CVE-2017-11932.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Exchange Server", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932" - }, - { - "name" : "102060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102060" - }, - { - "name" : "1039996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932" + }, + { + "name": "1039996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039996" + }, + { + "name": "102060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102060" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14007.json b/2017/14xxx/CVE-2017-14007.json index 77ded23544f..7dca52b5393 100644 --- a/2017/14xxx/CVE-2017-14007.json +++ b/2017/14xxx/CVE-2017-14007.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-14007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ProMinent MultiFLEX M10a Controller", - "version" : { - "version_data" : [ - { - "version_value" : "ProMinent MultiFLEX M10a Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-613" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-14007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ProMinent MultiFLEX M10a Controller", + "version": { + "version_data": [ + { + "version_value": "ProMinent MultiFLEX M10a Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01" - }, - { - "name" : "101259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101259" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14126.json b/2017/14xxx/CVE-2017-14126.json index bcb5583fdf6..5aa808076e6 100644 --- a/2017/14xxx/CVE-2017-14126.json +++ b/2017/14xxx/CVE-2017-14126.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Participants Database plugin before 1.7.5.10 for WordPress has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42618", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42618/" - }, - { - "name" : "https://limbenjamin.com/articles/cve-2017-14126-participants-database-xss.html", - "refsource" : "MISC", - "url" : "https://limbenjamin.com/articles/cve-2017-14126-participants-database-xss.html" - }, - { - "name" : "https://wordpress.org/plugins/participants-database/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/participants-database/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Participants Database plugin before 1.7.5.10 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42618", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42618/" + }, + { + "name": "https://wordpress.org/plugins/participants-database/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/participants-database/#developers" + }, + { + "name": "https://limbenjamin.com/articles/cve-2017-14126-participants-database-xss.html", + "refsource": "MISC", + "url": "https://limbenjamin.com/articles/cve-2017-14126-participants-database-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14606.json b/2017/14xxx/CVE-2017-14606.json index 8db91662452..38f23210af3 100644 --- a/2017/14xxx/CVE-2017-14606.json +++ b/2017/14xxx/CVE-2017-14606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15792.json b/2017/15xxx/CVE-2017-15792.json index befbd10aa9e..980cb5ee5e7 100644 --- a/2017/15xxx/CVE-2017-15792.json +++ b/2017/15xxx/CVE-2017-15792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15792", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15792", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8094.json b/2017/8xxx/CVE-2017-8094.json index 87e56cebbe5..a1e6c73dc19 100644 --- a/2017/8xxx/CVE-2017-8094.json +++ b/2017/8xxx/CVE-2017-8094.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8271.json b/2017/8xxx/CVE-2017-8271.json index bdd0c84b643..3c35b7a9231 100644 --- a/2017/8xxx/CVE-2017-8271.json +++ b/2017/8xxx/CVE-2017-8271.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2017-8271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in video driver" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2017-8271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow in video driver" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99465" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8454.json b/2017/8xxx/CVE-2017-8454.json index a3f0b3a2cab..9280efcce9b 100644 --- a/2017/8xxx/CVE-2017-8454.json +++ b/2017/8xxx/CVE-2017-8454.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-135/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-135/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "98320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-135/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-135/" + }, + { + "name": "98320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98320" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8464.json b/2017/8xxx/CVE-2017-8464.json index 73bc23577f4..f0544d2b7b0 100644 --- a/2017/8xxx/CVE-2017-8464.json +++ b/2017/8xxx/CVE-2017-8464.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Shell", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka \"LNK Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Shell", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42382", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42382/" - }, - { - "name" : "42429", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42429/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464" - }, - { - "name" : "98818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98818" - }, - { - "name" : "1038671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka \"LNK Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42382", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42382/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464" + }, + { + "name": "42429", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42429/" + }, + { + "name": "1038671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038671" + }, + { + "name": "98818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98818" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12145.json b/2018/12xxx/CVE-2018-12145.json index 0297d4084a4..9e6eeeda047 100644 --- a/2018/12xxx/CVE-2018-12145.json +++ b/2018/12xxx/CVE-2018-12145.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12145", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12145", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12301.json b/2018/12xxx/CVE-2018-12301.json index d97cb1b1e76..8dcc951d5d5 100644 --- a/2018/12xxx/CVE-2018-12301.json +++ b/2018/12xxx/CVE-2018-12301.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12301", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12301", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12490.json b/2018/12xxx/CVE-2018-12490.json index b3da9f0b515..d19bb70bf81 100644 --- a/2018/12xxx/CVE-2018-12490.json +++ b/2018/12xxx/CVE-2018-12490.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13858.json b/2018/13xxx/CVE-2018-13858.json index 22b4c390e9e..37d7babb056 100644 --- a/2018/13xxx/CVE-2018-13858.json +++ b/2018/13xxx/CVE-2018-13858.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the \"/xml/system/control.xml\" URL, using the GET request \"?action=reboot\" for example." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vulncode.com/advisory/CVE-2018-13858", - "refsource" : "MISC", - "url" : "https://vulncode.com/advisory/CVE-2018-13858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the \"/xml/system/control.xml\" URL, using the GET request \"?action=reboot\" for example." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vulncode.com/advisory/CVE-2018-13858", + "refsource": "MISC", + "url": "https://vulncode.com/advisory/CVE-2018-13858" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13869.json b/2018/13xxx/CVE-2018-13869.json index ade0263e66e..c65e4ad2606 100644 --- a/2018/13xxx/CVE-2018-13869.json +++ b/2018/13xxx/CVE-2018-13869.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16272.json b/2018/16xxx/CVE-2018-16272.json index 2028685ab07..a2d15c01089 100644 --- a/2018/16xxx/CVE-2018-16272.json +++ b/2018/16xxx/CVE-2018-16272.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16272", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16272", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16464.json b/2018/16xxx/CVE-2018-16464.json index 6e7e8dc6a6e..813f54612c9 100644 --- a/2018/16xxx/CVE-2018-16464.json +++ b/2018/16xxx/CVE-2018-16464.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "<14.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authentication - Generic (CWE-287)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "<14.0.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/146133", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/146133" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=NC-SA-2018-012", - "refsource" : "MISC", - "url" : "https://nextcloud.com/security/advisory/?id=NC-SA-2018-012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication - Generic (CWE-287)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/146133", + "refsource": "MISC", + "url": "https://hackerone.com/reports/146133" + }, + { + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-012", + "refsource": "MISC", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-012" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16701.json b/2018/16xxx/CVE-2018-16701.json index 830b4869129..d5873ff0b00 100644 --- a/2018/16xxx/CVE-2018-16701.json +++ b/2018/16xxx/CVE-2018-16701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16723.json b/2018/16xxx/CVE-2018-16723.json index b55f99a47a2..140db2c0ec6 100644 --- a/2018/16xxx/CVE-2018-16723.json +++ b/2018/16xxx/CVE-2018-16723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16723", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16723", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17179.json b/2018/17xxx/CVE-2018-17179.json index aebaccf5d4c..7fa3a27b500 100644 --- a/2018/17xxx/CVE-2018-17179.json +++ b/2018/17xxx/CVE-2018-17179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18762.json b/2018/18xxx/CVE-2018-18762.json index d8ac52ae8bf..167c77ee3c1 100644 --- a/2018/18xxx/CVE-2018-18762.json +++ b/2018/18xxx/CVE-2018-18762.json @@ -1,18 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SaltOS 3.1 r8126 allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/150005/SaltOS-Erp-Crm-3.1-r8126-Database-Download.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/150005/SaltOS-Erp-Crm-3.1-r8126-Database-Download.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "45734", + "url": "https://www.exploit-db.com/exploits/45734/" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4195.json b/2018/4xxx/CVE-2018-4195.json index f5da714fda1..94d34fff3d7 100644 --- a/2018/4xxx/CVE-2018-4195.json +++ b/2018/4xxx/CVE-2018-4195.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4195", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4380.json b/2018/4xxx/CVE-2018-4380.json index 8e6e3ed7cc1..b2ee8853fdc 100644 --- a/2018/4xxx/CVE-2018-4380.json +++ b/2018/4xxx/CVE-2018-4380.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4380", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4380", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4939.json b/2018/4xxx/CVE-2018-4939.json index e73cc98e3d4..e03814bf608 100644 --- a/2018/4xxx/CVE-2018-4939.json +++ b/2018/4xxx/CVE-2018-4939.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of Untrusted Data" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" - }, - { - "name" : "103718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" + }, + { + "name": "103718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103718" + } + ] + } +} \ No newline at end of file