diff --git a/2004/0xxx/CVE-2004-0353.json b/2004/0xxx/CVE-2004-0353.json
index df33d12caf4..488e38d2c09 100644
--- a/2004/0xxx/CVE-2004-0353.json
+++ b/2004/0xxx/CVE-2004-0353.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040304 GNU Anubis buffer overflows and format string bugs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107843915424588&w=2" - }, - { - "name" : "[bug-anubis] 20040228 Important security update", - "refsource" : "MLIST", - "url" : "http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html" - }, - { - "name" : "20040310 GNU Anubis 3.6.2 remote root exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107894315012081&w=2" - }, - { - "name" : "9772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9772" - }, - { - "name" : "anubis-ident-bo(15345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15345" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[bug-anubis] 20040228 Important security update", + "refsource": "MLIST", + "url": "http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html" + }, + { + "name": "20040310 GNU Anubis 3.6.2 remote root exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107894315012081&w=2" + }, + { + "name": "20040304 GNU Anubis buffer overflows and format string bugs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107843915424588&w=2" + }, + { + "name": "9772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9772" + }, + { + "name": "anubis-ident-bo(15345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15345" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0441.json b/2004/0xxx/CVE-2004-0441.json index 0b0f9868f2f..db11474933f 100644 --- a/2004/0xxx/CVE-2004-0441.json +++ b/2004/0xxx/CVE-2004-0441.json 
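Review bot: The rewritten record now ends without a final newline (`\ No newline at end of file` after the closing `}`), and its `reference_data` entries come back in a different order although the set of references is unchanged; for example, the `[bug-anubis] 20040228 Important security update` MLIST entry now precedes the `20040304` BUGTRAQ entry. The rest of the hunk is a separator normalisation (`"ID" : ` becomes `"ID": `), so the shuffle makes it hard to confirm from the diff that no CVE reference was added, dropped or altered. The exporter should presumably write references in a stable order (keep the previous order, or sort by `refsource` then `name`) and end each file with a newline. The same reorder appears in the hunks for CVE-2004-0505, CVE-2004-0822, CVE-2004-0886, CVE-2004-1478, CVE-2004-1650 and CVE-2004-1775, and CVE-2004-0441 has no references but also loses its trailing newline.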
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0441", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0441", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0505.json b/2004/0xxx/CVE-2004-0505.json index 15a83e2cf24..7b0e7bccf4d 100644 --- a/2004/0xxx/CVE-2004-0505.json +++ b/2004/0xxx/CVE-2004-0505.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00014.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00014.html" - }, - { - "name" : "CLA-2005:916", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916" - }, - { - "name" : "RHSA-2004:234", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-234.html" - }, - { - "name" : "GLSA-200406-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200406-01.xml" - }, - { - "name" : "20040604-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" - }, - { - "name" : "20040605-01-U", - "refsource" : "SGI", - "url" : 
"ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" - }, - { - "name" : "O-150", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-150.shtml" - }, - { - "name" : "10347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10347" - }, - { - "name" : "6132", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6132" - }, - { - "name" : "oval:org.mitre.oval:def:986", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A986" - }, - { - "name" : "oval:org.mitre.oval:def:9433", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9433" - }, - { - "name" : "1010158", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010158" - }, - { - "name" : "11608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11608" - }, - { - "name" : "11776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11776" - }, - { - "name" : "11836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11836" - }, - { - "name" : "ethereal-aim-dissector-dos(16150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11776" + }, + { + "name": "CLA-2005:916", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916" + }, + { + "name": "10347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10347" + }, + { + "name": "11608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11608" + }, + { + "name": "oval:org.mitre.oval:def:986", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A986" + }, + { + "name": "11836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11836" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00014.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00014.html" + }, + { + "name": "RHSA-2004:234", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-234.html" + }, + { + "name": "O-150", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-150.shtml" + }, + { + "name": "20040605-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" + }, + { + "name": "6132", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6132" + }, + { + "name": "GLSA-200406-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200406-01.xml" + }, + { + "name": "20040604-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" + }, + { + "name": "1010158", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010158" + }, + { + "name": "oval:org.mitre.oval:def:9433", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9433" + }, + { + "name": "ethereal-aim-dissector-dos(16150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16150" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0822.json b/2004/0xxx/CVE-2004-0822.json index c21d8dbb3ee..75d9fb928c3 100644 --- a/2004/0xxx/CVE-2004-0822.json +++ b/2004/0xxx/CVE-2004-0822.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-09-07", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/advisories/7148" - }, - { - "name" : "VU#545446", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545446" - }, - { - "name" : "O-212", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-212.shtml" - }, - { - "name" : "12491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12491/" - }, - { - "name" : "11136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11136" - }, - { - "name" : "macos-corefoundation-bo(17295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17295" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11136" + }, + { + "name": "12491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12491/" + }, + { + "name": "macos-corefoundation-bo(17295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17295" + }, + { + "name": "VU#545446", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545446" + }, + { + "name": "APPLE-SA-2004-09-07", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/advisories/7148" + }, + { + "name": "O-212", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0886.json b/2004/0xxx/CVE-2004-0886.json index 94f17d2565f..734623624b2 100644 --- a/2004/0xxx/CVE-2004-0886.json +++ b/2004/0xxx/CVE-2004-0886.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kde.org/info/security/advisory-20041209-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20041209-2.txt" - }, - { - "name" : "CLA-2004:888", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888" - }, - { - "name" : "DSA-567", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-567" - }, - { - "name" : "MDKSA-2004:109", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109" - }, - { - "name" : "MDKSA-2005:052", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" - }, - { - "name" : 
"RHSA-2004:577", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-577.html" - }, - { - "name" : "RHSA-2005:354", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-354.html" - }, - { - "name" : "RHSA-2005:021", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-021.html" - }, - { - "name" : "101677", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1" - }, - { - "name" : "201072", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1" - }, - { - "name" : "SUSE-SA:2004:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" - }, - { - "name" : "2004-0054", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0054/" - }, - { - "name" : "OpenPKG-SA-2004.043", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=109779465621929&w=2" - }, - { - "name" : "VU#687568", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/687568" - }, - { - "name" : "P-015", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-015.shtml" - }, - { - "name" : "11406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11406" - }, - { - "name" : "oval:org.mitre.oval:def:100116", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116" - }, - { - "name" : "oval:org.mitre.oval:def:9907", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907" - }, - { - "name" : "1011674", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011674" - }, - { - "name" : "12818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12818" - }, - { - "name" : "libtiff-bo(17715)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:577", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html" + }, + { + "name": "MDKSA-2004:109", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109" + }, + { + "name": "RHSA-2005:021", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html" + }, + { + "name": "P-015", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-015.shtml" + }, + { + "name": "201072", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1" + }, + { + "name": "oval:org.mitre.oval:def:9907", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907" + }, + { + "name": "101677", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1" + }, + { + "name": "SUSE-SA:2004:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" + }, + { + "name": "VU#687568", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/687568" + }, + { + "name": "1011674", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011674" + }, + { + "name": "CLA-2004:888", + "refsource": "CONECTIVA", + "url": 
"http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888" + }, + { + "name": "MDKSA-2005:052", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" + }, + { + "name": "libtiff-bo(17715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17715" + }, + { + "name": "2004-0054", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0054/" + }, + { + "name": "http://www.kde.org/info/security/advisory-20041209-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20041209-2.txt" + }, + { + "name": "RHSA-2005:354", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" + }, + { + "name": "12818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12818" + }, + { + "name": "11406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11406" + }, + { + "name": "oval:org.mitre.oval:def:100116", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116" + }, + { + "name": "DSA-567", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-567" + }, + { + "name": "OpenPKG-SA-2004.043", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=109779465621929&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1478.json b/2004/1xxx/CVE-2004-1478.json index 6e6cff08930..ca9dc7d2191 100644 --- a/2004/1xxx/CVE-2004-1478.json +++ b/2004/1xxx/CVE-2004-1478.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040923 New Macromedia Security Zone Bulletins Posted", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109621995623823&w=2" - }, - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html" - }, - { - "name" : "VU#584958", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/584958" - }, - { - "name" : "11245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11245" - }, - { - "name" : "12638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12638/" - }, - { - "name" : "jrun-jsessionid-hijack(17481)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jrun-jsessionid-hijack(17481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481" + }, + { + "name": "20040923 New Macromedia Security Zone Bulletins Posted", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109621995623823&w=2" + }, + { + "name": "11245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11245" + }, + { + "name": "VU#584958", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/584958" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html" + }, + { + "name": "12638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12638/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1650.json b/2004/1xxx/CVE-2004-1650.json index 005e844c7cf..67e97f4c4da 100644 --- a/2004/1xxx/CVE-2004-1650.json +++ b/2004/1xxx/CVE-2004-1650.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040831 D-Link DCS-900 IP camera remote exploit that change the IP", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109396893820049&w=2" - }, - { - "name" : "http://miscname.com/public/dcs-900/", - "refsource" : "MISC", - "url" : "http://miscname.com/public/dcs-900/" - }, - { - "name" : "11072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11072" - }, - { - "name" : "1011100", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011100" - }, - { - "name" : "12425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12425" - }, - { - "name" : "dlink-dcs900-ip-modification(17171)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011100", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011100" + }, + { + "name": "11072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11072" + }, + { + "name": "20040831 D-Link DCS-900 IP camera remote exploit that change the IP", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109396893820049&w=2" + }, + { + "name": "http://miscname.com/public/dcs-900/", + "refsource": "MISC", + "url": "http://miscname.com/public/dcs-900/" + }, + { + "name": "12425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12425" + }, + { + "name": "dlink-dcs900-ip-modification(17171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17171" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1775.json b/2004/1xxx/CVE-2004-1775.json index b728a75af3d..38756b530f8 100644 --- a/2004/1xxx/CVE-2004-1775.json +++ b/2004/1xxx/CVE-2004-1775.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041008 Cisco IOS Software Multiple SNMP Community String Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml" - }, - { - "name" : "VU#645400", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/645400" - }, - { - "name" : "5030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5030" - }, - { - "name" : "cisco-snmp-vacm(6179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-snmp-vacm(6179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6179" + }, + { + "name": "5030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5030" + }, + { + "name": "VU#645400", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/645400" + }, + { + "name": "20041008 Cisco IOS Software Multiple SNMP Community String Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1944.json b/2004/1xxx/CVE-2004-1944.json index 85b17023250..0ae7f0c39b0 100644 --- a/2004/1xxx/CVE-2004-1944.json +++ b/2004/1xxx/CVE-2004-1944.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040414 Eudora 6.0.3 nested MIME DoS", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020075.html" - }, - { - "name" : "20040419 Eudora 6.1 is evil", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108241694627321&w=2" - }, - { - "name" : "10137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10137" - }, - { - "name" : "11360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11360" - }, - { - "name" : "eudora-mime-message-dos(15857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10137" + }, + { + "name": "eudora-mime-message-dos(15857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15857" + }, + { + "name": "11360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11360" + }, + { + "name": "20040419 Eudora 6.1 is evil", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108241694627321&w=2" + }, + { + "name": "20040414 Eudora 6.0.3 nested MIME DoS", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020075.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2268.json b/2004/2xxx/CVE-2004-2268.json index e77aaade07d..8d778bde24e 100644 --- a/2004/2xxx/CVE-2004-2268.json +++ b/2004/2xxx/CVE-2004-2268.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.pimentech.net/src/pimengest2/debian/changelog", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.pimentech.net/src/pimengest2/debian/changelog" - }, - { - "name" : "10408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10408" - }, - { - "name" : "6324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6324" - }, - { - "name" : "1010257", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010257" - }, - { - "name" : "pimengest2-rowlatex-view-password(16234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PimenGest2 before 
1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.pimentech.net/src/pimengest2/debian/changelog", + "refsource": "CONFIRM", + "url": "ftp://ftp.pimentech.net/src/pimengest2/debian/changelog" + }, + { + "name": "6324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6324" + }, + { + "name": "1010257", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010257" + }, + { + "name": "pimengest2-rowlatex-view-password(16234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16234" + }, + { + "name": "10408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10408" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2650.json b/2004/2xxx/CVE-2004-2650.json index b3a44aacce9..300f7c31c58 100644 --- a/2004/2xxx/CVE-2004-2650.json +++ b/2004/2xxx/CVE-2004-2650.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issues.apache.org/jira/browse/JAMES-268", - "refsource" : "MISC", - "url" : "http://issues.apache.org/jira/browse/JAMES-268" - }, - { - "name" : "http://james.apache.org/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://james.apache.org/changelog.html" - }, - { - "name" : "15765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error 
conditions in the retrieve function, which prevents a lock from being released and causes a memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://issues.apache.org/jira/browse/JAMES-268", + "refsource": "MISC", + "url": "http://issues.apache.org/jira/browse/JAMES-268" + }, + { + "name": "http://james.apache.org/changelog.html", + "refsource": "CONFIRM", + "url": "http://james.apache.org/changelog.html" + }, + { + "name": "15765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15765" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2727.json b/2004/2xxx/CVE-2004-2727.json index 48368c9be50..b1c286a09dc 100644 --- a/2004/2xxx/CVE-2004-2727.json +++ b/2004/2xxx/CVE-2004-2727.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hat-squad.com/en/000071.html", - "refsource" : "MISC", - "url" : "http://www.hat-squad.com/en/000071.html" - }, - { - "name" : "10312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10312" - }, - { - "name" : "ADV-2005-0383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0383" - }, - { - "name" : "6037", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6037" - }, - { - "name" : "6038", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6038" - }, - { - "name" : "1010107", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010107" - }, - { - "name" : "11588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11588" - 
}, - { - "name" : "mailenable-disabled-mehttps-bo(16115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16115" - }, - { - "name" : "mailenable-enabled-mehttps-dos(16114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6037", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6037" + }, + { + "name": "mailenable-disabled-mehttps-bo(16115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16115" + }, + { + "name": "ADV-2005-0383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0383" + }, + { + "name": "6038", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6038" + }, + { + "name": "11588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11588" + }, + { + "name": "mailenable-enabled-mehttps-dos(16114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16114" + }, + { + "name": "http://www.hat-squad.com/en/000071.html", + "refsource": "MISC", + "url": "http://www.hat-squad.com/en/000071.html" + }, + { + "name": "1010107", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010107" + }, + { + "name": "10312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10312" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2741.json b/2004/2xxx/CVE-2004-2741.json index c1d2e9e8991..6c6f515b9bd 100644 --- a/2004/2xxx/CVE-2004-2741.json +++ b/2004/2xxx/CVE-2004-2741.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[horde-announce] 20041026 Horde 2.2.7 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2004/000107.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u" - }, - { - "name" : "11546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11546" - }, - { - "name" : "11164", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11164" - }, - { - "name" : "1011959", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011959" - }, - { - 
"name" : "12992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12992" - }, - { - "name" : "horde-help-window-xss(17881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11164", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11164" + }, + { + "name": "11546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11546" + }, + { + "name": "12992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12992" + }, + { + "name": "[horde-announce] 20041026 Horde 2.2.7 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2004/000107.html" + }, + { + "name": "horde-help-window-xss(17881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881" + }, + { + "name": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u" + }, + { + "name": "1011959", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011959" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2236.json b/2008/2xxx/CVE-2008-2236.json index db1b0b9bb84..af368a332d2 100644 --- a/2008/2xxx/CVE-2008-2236.json +++ b/2008/2xxx/CVE-2008-2236.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=630149", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=630149" - }, - { - "name" : "JVN#03300113", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN03300113/index.html" - }, - { - "name" : "JVNDB-2008-000073", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.html" - }, - { - "name" : "31535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31535" - }, - { - "name" : "32074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32074" - }, - { - "name" : 
"blosxom-flav-xss(45600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2008-000073", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.html" + }, + { + "name": "blosxom-flav-xss(45600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45600" + }, + { + "name": "32074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32074" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=630149", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=630149" + }, + { + "name": "JVN#03300113", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN03300113/index.html" + }, + { + "name": "31535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31535" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2859.json b/2008/2xxx/CVE-2008-2859.json index 7da127dc1aa..2071c53295e 100644 --- a/2008/2xxx/CVE-2008-2859.json +++ b/2008/2xxx/CVE-2008-2859.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.netwinsite.com/surgemail/help/updates.htm", - "refsource" : "CONFIRM", - "url" : "http://www.netwinsite.com/surgemail/help/updates.htm" - }, - { - "name" : "29805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29805" - }, - { - "name" : "ADV-2008-1874", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1874/references" - }, - { - "name" : "1020335", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020335" - }, - { - "name" : "30739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30739" - }, - { - "name" : "surgemail-imap-dos(43171)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/43171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an \"imap command.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020335", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020335" + }, + { + "name": "29805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29805" + }, + { + "name": "ADV-2008-1874", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1874/references" + }, + { + "name": "30739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30739" + }, + { + "name": "surgemail-imap-dos(43171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43171" + }, + { + "name": "http://www.netwinsite.com/surgemail/help/updates.htm", + "refsource": "CONFIRM", + "url": "http://www.netwinsite.com/surgemail/help/updates.htm" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2925.json b/2008/2xxx/CVE-2008-2925.json index e1139438e8f..021007e6404 100644 --- a/2008/2xxx/CVE-2008-2925.json +++ b/2008/2xxx/CVE-2008-2925.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.valarsoft.com/index.php?page=home¬izie=si¬ID=154&singlenot=1&no_home=1#2", - "refsource" : "CONFIRM", - "url" : "http://www.valarsoft.com/index.php?page=home¬izie=si¬ID=154&singlenot=1&no_home=1#2" - }, - { - "name" : "29748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29748" - }, - { - "name" : "30656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30656" - }, - { - "name" : "webmatic-unspecified-sql-injection(43105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Webmatic before 
2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webmatic-unspecified-sql-injection(43105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43105" + }, + { + "name": "29748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29748" + }, + { + "name": "http://www.valarsoft.com/index.php?page=home¬izie=si¬ID=154&singlenot=1&no_home=1#2", + "refsource": "CONFIRM", + "url": "http://www.valarsoft.com/index.php?page=home¬izie=si¬ID=154&singlenot=1&no_home=1#2" + }, + { + "name": "30656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30656" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6434.json b/2008/6xxx/CVE-2008-6434.json index 658c97da7fc..d3a9cad06ea 100644 --- a/2008/6xxx/CVE-2008-6434.json +++ b/2008/6xxx/CVE-2008-6434.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/67/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/67/45/" - }, - { - "name" : "29346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29346" - }, - { - "name" : "45616", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45616" - }, - { - "name" : "30367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30367" - }, - { - "name" : "savacms-index-sql-injection(49225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29346" + }, + { + "name": "30367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30367" + }, + { + "name": "45616", + "refsource": "OSVDB", + "url": "http://osvdb.org/45616" + }, + { + "name": "savacms-index-sql-injection(49225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49225" + }, + { + "name": "http://holisticinfosec.org/content/view/67/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/67/45/" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6552.json b/2008/6xxx/CVE-2008-6552.json index a4246232c1a..ac71691d6c9 100644 --- a/2008/6xxx/CVE-2008-6552.json +++ b/2008/6xxx/CVE-2008-6552.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2008-9458", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" - }, - { - "name" : "FEDORA-2008-9458", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" - }, - { - "name" : "FEDORA-2008-9458", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" - }, - { - "name" : "RHSA-2011:0264", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0264.html" - }, - { - "name" : 
"RHSA-2011:0265", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0265.html" - }, - { - "name" : "RHSA-2009:1337", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1337.html" - }, - { - "name" : "RHSA-2009:1339", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1339.html" - }, - { - "name" : "RHSA-2009:1341", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1341.html" - }, - { - "name" : "USN-875-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-875-1" - }, - { - "name" : "32179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32179" - }, - { - "name" : "50299", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50299" - }, - { - "name" : "50300", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50300" - }, - { - "name" : "50301", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50301" - }, - { - "name" : "oval:org.mitre.oval:def:11404", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11404" - }, - { - "name" : "32602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32602" - }, - { - "name" : "32616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32616" - }, - { - "name" : "43367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43367" - }, - { - "name" : "43372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43372" - }, - { - "name" : "36530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36530" - }, - { - "name" : "36555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36555" - }, - { - "name" : "ADV-2011-0416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0416" - }, - { - "name" : "ADV-2011-0417", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0417" - }, - { - "name" : "clusterproject-unspecified-priv-escalation(46412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32616" + }, + { + "name": "ADV-2011-0416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0416" + }, + { + "name": "RHSA-2009:1341", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1341.html" + }, + { + "name": "RHSA-2011:0264", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0264.html" + }, + { + "name": "36555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36555" + }, + { + "name": "32179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32179" + }, + { + "name": "FEDORA-2008-9458", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" + }, + { + "name": "ADV-2011-0417", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0417" + }, + { + "name": "32602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32602" + }, + { + "name": "43372", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/43372" + }, + { + "name": "USN-875-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-875-1" + }, + { + "name": "oval:org.mitre.oval:def:11404", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11404" + }, + { + "name": "FEDORA-2008-9458", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" + }, + { + "name": "50300", + "refsource": "OSVDB", + "url": "http://osvdb.org/50300" + }, + { + "name": "RHSA-2009:1337", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1337.html" + }, + { + "name": "RHSA-2011:0265", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0265.html" + }, + { + "name": "43367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43367" + }, + { + "name": "FEDORA-2008-9458", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" + }, + { + "name": "clusterproject-unspecified-priv-escalation(46412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46412" + }, + { + "name": "36530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36530" + }, + { + "name": "50301", + "refsource": "OSVDB", + "url": "http://osvdb.org/50301" + }, + { + "name": "RHSA-2009:1339", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1339.html" + }, + { + "name": "50299", + "refsource": "OSVDB", + "url": "http://osvdb.org/50299" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6806.json b/2008/6xxx/CVE-2008-6806.json index bdc67e8d0f2..a09ddda6845 100644 --- a/2008/6xxx/CVE-2008-6806.json +++ b/2008/6xxx/CVE-2008-6806.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6866", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6866" - }, - { - "name" : "31978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31978" - }, - { - "name" : "ADV-2008-2965", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2965" - }, - { - "name" : "7shop-imageupload-file-upload(46184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file 
upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31978" + }, + { + "name": "6866", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6866" + }, + { + "name": "ADV-2008-2965", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2965" + }, + { + "name": "7shop-imageupload-file-upload(46184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46184" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6828.json b/2008/6xxx/CVE-2008-6828.json index bc56e28b60a..0b650cf4eb9 100644 --- a/2008/6xxx/CVE-2008-6828.json +++ b/2008/6xxx/CVE-2008-6828.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html" - }, - { - "name" : "31767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31767" - }, - { - "name" : "1021072", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021072" - }, - { - "name" : "31773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31773" - }, - { - "name" : "ADV-2008-2876", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2876" - }, - { - "name" : 
"symantec-ads-password-info-disclosure(46007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html" + }, + { + "name": "31773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31773" + }, + { + "name": "symantec-ads-password-info-disclosure(46007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46007" + }, + { + "name": "ADV-2008-2876", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2876" + }, + { + "name": "31767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31767" + }, + { + "name": "1021072", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021072" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7119.json b/2008/7xxx/CVE-2008-7119.json index f68700c654d..c45d0286546 100644 --- a/2008/7xxx/CVE-2008-7119.json +++ b/2008/7xxx/CVE-2008-7119.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6341", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6341" - }, - { - "name" : "30945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30945" - }, - { - "name" : "webid-item-admin-sql-injection(44817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webid-item-admin-sql-injection(44817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" + }, + { + "name": "30945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30945" + }, + { + "name": "6341", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6341" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7295.json b/2008/7xxx/CVE-2008-7295.json index 3731d98a6ea..61acd796bc6 100644 --- a/2008/7xxx/CVE-2008-7295.json +++ b/2008/7xxx/CVE-2008-7295.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies", - "refsource" : "MISC", - "url" : "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies" - }, - { - "name" : "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html", - "refsource" : "MISC", - "url" : "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html", - "refsource" : "MISC", - "url" : 
"http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html", + "refsource": "MISC", + "url": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html" + }, + { + "name": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies", + "refsource": "MISC", + "url": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053" + 
}, + { + "name": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5457.json b/2012/5xxx/CVE-2012-5457.json index cff2ab27eb6..4735b15825f 100644 --- a/2012/5xxx/CVE-2012-5457.json +++ b/2012/5xxx/CVE-2012-5457.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5457", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5457", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5606.json b/2012/5xxx/CVE-2012-5606.json index 1e2791ebfa9..43160dcc4b2 100644 --- a/2012/5xxx/CVE-2012-5606.json +++ b/2012/5xxx/CVE-2012-5606.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121130 Re: CVE Request: owncloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/30/3" - }, - { - "name" : "http://owncloud.org/changelog/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/changelog/" - }, - { - "name" : "http://owncloud.org/security/advisories/oc-sa-2012-001/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/security/advisories/oc-sa-2012-001/" - }, - { - "name" : "https://github.com/owncloud/core/commit/ce66759", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/ce66759" - }, - { - 
"name" : "https://github.com/owncloud/core/commit/e45f36c", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/e45f36c" - }, - { - "name" : "https://github.com/owncloud/core/commit/e5f2d46", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/e5f2d46" - }, - { - "name" : "51357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/owncloud/core/commit/e5f2d46", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/e5f2d46" + }, + { + "name": "https://github.com/owncloud/core/commit/ce66759", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/ce66759" + }, + { + "name": "51357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51357" + }, + { + "name": "http://owncloud.org/security/advisories/oc-sa-2012-001/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/security/advisories/oc-sa-2012-001/" + }, + { + "name": "[oss-security] 20121130 Re: CVE Request: owncloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3" + }, + { + "name": "http://owncloud.org/changelog/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/changelog/" + }, + { + "name": "https://github.com/owncloud/core/commit/e45f36c", 
+ "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/e45f36c" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5731.json b/2012/5xxx/CVE-2012-5731.json index 22d16dec838..27adb739305 100644 --- a/2012/5xxx/CVE-2012-5731.json +++ b/2012/5xxx/CVE-2012-5731.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5731", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5731", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5830.json b/2012/5xxx/CVE-2012-5830.json index 8b0b22aa7a0..4a532e994af 100644 --- a/2012/5xxx/CVE-2012-5830.json +++ b/2012/5xxx/CVE-2012-5830.json 
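Review bot: The CVE-2012-5606 hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, and that is the only value change in a hunk that otherwise only rewrites spacing and reorders `reference_data`. Because every line of the file is touched, this provenance change is easy to miss in review, and consumers that filter or attribute records by assigner will see the record move to a different CNA. Whether the reassignment is intended cannot be told from the diff. If it is, record it in the commit description, for example `CVE-2012-5606: ASSIGNER changed from cve@mitre.org to secalert@redhat.com`, or land it separately from the formatting pass.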
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775228", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775228" - }, - { - "name" : "RHSA-2012:1482", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" - }, - { - "name" : "RHSA-2012:1483", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "87598", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87598" - }, - { - "name" : "51359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51359" - }, - { - "name" : "51360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51360" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/51370" - }, - { - "name" : "firefox-html-file-code-execution(80183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775228", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775228" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "RHSA-2012:1483", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" + }, + { + "name": "firefox-html-file-code-execution(80183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80183" + }, + { + "name": "RHSA-2012:1482", + 
"refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" + }, + { + "name": "51359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51359" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "87598", + "refsource": "OSVDB", + "url": "http://osvdb.org/87598" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "51360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51360" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5946.json b/2012/5xxx/CVE-2012-5946.json index 436d30fc179..6bedc5abdb1 100644 --- a/2012/5xxx/CVE-2012-5946.json +++ b/2012/5xxx/CVE-2012-5946.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635476", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635476" - }, - { - "name" : "spss-samplepower-c1sizer-bo(80562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635476", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635476" + }, + { + "name": "spss-samplepower-c1sizer-bo(80562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80562" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11021.json b/2017/11xxx/CVE-2017-11021.json index b4fd324f673..b16d8cb08aa 100644 --- a/2017/11xxx/CVE-2017-11021.json +++ b/2017/11xxx/CVE-2017-11021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11385.json b/2017/11xxx/CVE-2017-11385.json index bdeae0df6f4..93146ff6ba9 100644 --- a/2017/11xxx/CVE-2017-11385.json +++ b/2017/11xxx/CVE-2017-11385.json 
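Review bot: The CVE-2012-5946 hunk is not purely a whitespace change: `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "psirt@us.ibm.com"` on the new side, while every other line in the hunk only changes indentation and colon spacing. Downstream tooling that attributes or routes records by assigner will see this entry change owner, so the reassignment is better made in its own commit or at least named in the commit description (which is not visible here), where it is not hidden among formatting changes. The new file also ends with `\ No newline at end of file`, as do the other records in this diff; a trailing newline would keep later diffs free of that marker.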
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-11385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-11385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-495", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-495" - }, - { - "name" : "https://success.trendmicro.com/solution/1117722", - "refsource" : "MISC", - "url" : "https://success.trendmicro.com/solution/1117722" - }, - { - "name" : "100078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100078" - }, - { - "name" : "1039049", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100078" + }, + { + "name": "1039049", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039049" + }, + { + "name": "https://success.trendmicro.com/solution/1117722", + "refsource": "MISC", + "url": "https://success.trendmicro.com/solution/1117722" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-495", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-495" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11731.json b/2017/11xxx/CVE-2017-11731.json index 68c192783bd..2ef1e7b7f1b 100644 --- a/2017/11xxx/CVE-2017-11731.json +++ b/2017/11xxx/CVE-2017-11731.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://somevulnsofadlab.blogspot.jp/2017/07/libminginvalid-memory-read-in-opcode.html", - "refsource" : "MISC", - "url" : "http://somevulnsofadlab.blogspot.jp/2017/07/libminginvalid-memory-read-in-opcode.html" - }, - { - "name" : "https://github.com/libming/libming/issues/84", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/84" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to 
cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/84", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/84" + }, + { + "name": "http://somevulnsofadlab.blogspot.jp/2017/07/libminginvalid-memory-read-in-opcode.html", + "refsource": "MISC", + "url": "http://somevulnsofadlab.blogspot.jp/2017/07/libminginvalid-memory-read-in-opcode.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11952.json b/2017/11xxx/CVE-2017-11952.json index 74aaad90ac6..36afd503b4f 100644 --- a/2017/11xxx/CVE-2017-11952.json +++ b/2017/11xxx/CVE-2017-11952.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11952", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11952", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15046.json b/2017/15xxx/CVE-2017-15046.json index 8c8ee8fb73f..d2df2377e5c 100644 
--- a/2017/15xxx/CVE-2017-15046.json +++ b/2017/15xxx/CVE-2017-15046.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/lame/bugs/479/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/lame/bugs/479/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/lame/bugs/479/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/lame/bugs/479/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15326.json b/2017/15xxx/CVE-2017-15326.json index 0a1767039cf..b74886a264a 100644 --- a/2017/15xxx/CVE-2017-15326.json +++ b/2017/15xxx/CVE-2017-15326.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2018-03-21T00:00:00", - "ID" : "CVE-2017-15326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DBS3900 TDD LTE", - "version" : { - "version_data" : [ - { - "version_value" : "V100R003C00, V100R004C10" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "weak encryption algorithm" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2018-03-21T00:00:00", + "ID": "CVE-2017-15326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DBS3900 TDD LTE", + "version": { + "version_data": [ + { + "version_value": "V100R003C00, V100R004C10" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "weak encryption algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15410.json b/2017/15xxx/CVE-2017-15410.json index c10f8462e2f..a02e8c94214 100644 --- a/2017/15xxx/CVE-2017-15410.json +++ b/2017/15xxx/CVE-2017-15410.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 63.0.3239.84 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 63.0.3239.84 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 63.0.3239.84 unknown", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 63.0.3239.84 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/765921", - "refsource" : "MISC", - "url" : "https://crbug.com/765921" - }, - { - "name" : "DSA-4064", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4064" - }, - { - "name" : "GLSA-201801-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-03" - }, - { - "name" : "RHSA-2017:3401", 
- "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/765921", + "refsource": "MISC", + "url": "https://crbug.com/765921" + }, + { + "name": "RHSA-2017:3401", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3401" + }, + { + "name": "GLSA-201801-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-03" + }, + { + "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" + }, + { + "name": "DSA-4064", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4064" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3454.json b/2017/3xxx/CVE-2017-3454.json index 76d7e196fae..4a2191a068b 100644 --- a/2017/3xxx/CVE-2017-3454.json +++ b/2017/3xxx/CVE-2017-3454.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "97791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97791" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97791" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3930.json b/2017/3xxx/CVE-2017-3930.json index e2420a40d05..794a3f8a4c8 100644 --- a/2017/3xxx/CVE-2017-3930.json +++ b/2017/3xxx/CVE-2017-3930.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-3930",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-3930",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8179.json b/2017/8xxx/CVE-2017-8179.json
index b18f37d3dd8..0f31762db5e 100644
--- a/2017/8xxx/CVE-2017-8179.json
+++ b/2017/8xxx/CVE-2017-8179.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "DATE_PUBLIC" : "2017-11-15T00:00:00",
- "ID" : "CVE-2017-8179",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Nice-AL00",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Versions earlier than Nice-AL00C00B155"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "buffer overflow"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "DATE_PUBLIC": "2017-11-15T00:00:00",
+ "ID": "CVE-2017-8179",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nice-AL00",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than Nice-AL00C00B155"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en"
- },
- {
- "name" : "101956",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101956"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en"
+ },
+ {
+ "name": "101956",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101956"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8232.json b/2017/8xxx/CVE-2017-8232.json
index 1be8e1ec81a..61f2607310d 100644
--- a/2017/8xxx/CVE-2017-8232.json
+++ b/2017/8xxx/CVE-2017-8232.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-8232",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-8232",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8643.json b/2017/8xxx/CVE-2017-8643.json
index 7b8cd91ef7d..d30a886c5ba 100644
--- a/2017/8xxx/CVE-2017-8643.json
+++ b/2017/8xxx/CVE-2017-8643.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "DATE_PUBLIC" : "2017-09-12T00:00:00",
- "ID" : "CVE-2017-8643",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Edge",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "DATE_PUBLIC": "2017-09-12T00:00:00",
+ "ID": "CVE-2017-8643",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643"
- },
- {
- "name" : "100747",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100747"
- },
- {
- "name" : "1039326",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039326"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "100747",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100747"
+ },
+ {
+ "name": "1039326",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039326"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8961.json b/2017/8xxx/CVE-2017-8961.json
index f79bcfcd465..f53658b51b0 100644
--- a/2017/8xxx/CVE-2017-8961.json
+++ b/2017/8xxx/CVE-2017-8961.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-27T00:00:00", - "ID" : "CVE-2017-8961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center", - "version" : { - "version_data" : [ - { - "version_value" : "7.3 E0504P02" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HPESBHF03788 rev.1 - Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-27T00:00:00", + "ID": "CVE-2017-8961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center", + "version": { + "version_data": [ + { + "version_value": "7.3 E0504P02" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03788en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03788en_us" - }, - { - "name" : "1039702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HPESBHF03788 rev.1 - Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03788en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03788en_us" + }, + { + "name": "1039702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039702" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12194.json b/2018/12xxx/CVE-2018-12194.json index d4e2ea61709..a458e7245e4 100644 --- a/2018/12xxx/CVE-2018-12194.json +++ b/2018/12xxx/CVE-2018-12194.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12194",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12194",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12351.json b/2018/12xxx/CVE-2018-12351.json
index b877f908646..77aba9aa80c 100644
--- a/2018/12xxx/CVE-2018-12351.json
+++ b/2018/12xxx/CVE-2018-12351.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12351",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12351",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12624.json b/2018/12xxx/CVE-2018-12624.json
index ff7b9fd1391..ef8d3906bdb 100644
--- a/2018/12xxx/CVE-2018-12624.json
+++ b/2018/12xxx/CVE-2018-12624.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12624",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12624",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12954.json b/2018/12xxx/CVE-2018-12954.json
index f8ca742fd1c..3c351640741 100644
--- a/2018/12xxx/CVE-2018-12954.json
+++ b/2018/12xxx/CVE-2018-12954.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12954",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12954",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13523.json b/2018/13xxx/CVE-2018-13523.json
index 58b857855d1..2e213ffd6f9 100644
--- a/2018/13xxx/CVE-2018-13523.json
+++ b/2018/13xxx/CVE-2018-13523.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SmartPayment", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SmartPayment" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for SmartPayment, an Ethereum 
token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SmartPayment", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SmartPayment" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13726.json b/2018/13xxx/CVE-2018-13726.json index 2817b6c660d..0013e6e453a 100644 --- a/2018/13xxx/CVE-2018-13726.json +++ b/2018/13xxx/CVE-2018-13726.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ISeeVoiceToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ISeeVoiceToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ISeeVoiceToken, an 
Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ISeeVoiceToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ISeeVoiceToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16201.json b/2018/16xxx/CVE-2018-16201.json index 737803e4955..695ff1c4fe5 100644 --- a/2018/16xxx/CVE-2018-16201.json +++ b/2018/16xxx/CVE-2018-16201.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2018-16201",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
- "version" : {
- "version_data" : [
- {
- "version_value" : "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Toshiba Lighting & Technology Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use of Hard-coded Credentials"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2018-16201",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Toshiba Lighting & Technology Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
- "refsource" : "MISC",
- "url" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
- },
- {
- "name" : "JVN#99810718",
- "refsource" : "JVN",
- "url" : "https://jvn.jp/en/jp/JVN99810718/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use of Hard-coded Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#99810718",
+ "refsource": "JVN",
+ "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
+ },
+ {
+ "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
+ "refsource": "MISC",
+ "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16331.json b/2018/16xxx/CVE-2018-16331.json
index 11e74e423d9..0294631b106 100644
--- a/2018/16xxx/CVE-2018-16331.json
+++ b/2018/16xxx/CVE-2018-16331.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16331",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16331",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/Vict00r/poc/issues/1",
- "refsource" : "MISC",
- "url" : "https://github.com/Vict00r/poc/issues/1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Vict00r/poc/issues/1",
+ "refsource": "MISC",
+ "url": "https://github.com/Vict00r/poc/issues/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16818.json b/2018/16xxx/CVE-2018-16818.json
index 09f1073ed92..f3c6f25f9cd 100644
--- a/2018/16xxx/CVE-2018-16818.json
+++ b/2018/16xxx/CVE-2018-16818.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16818",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16818",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16908.json b/2018/16xxx/CVE-2018-16908.json
index 42cea2efb8d..dae9f0aa1b1 100644
--- a/2018/16xxx/CVE-2018-16908.json
+++ b/2018/16xxx/CVE-2018-16908.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16908",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16908",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17578.json b/2018/17xxx/CVE-2018-17578.json
index d2d54d6d536..07f28ef4f62 100644
--- a/2018/17xxx/CVE-2018-17578.json
+++ b/2018/17xxx/CVE-2018-17578.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17578",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17578",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17916.json b/2018/17xxx/CVE-2018-17916.json
index d420a943cc9..01fcaa6344a 100644
--- a/2018/17xxx/CVE-2018-17916.json
+++ b/2018/17xxx/CVE-2018-17916.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "ID" : "CVE-2018-17916",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "unknown"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "ID": "CVE-2018-17916",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "unknown"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
- },
- {
- "name" : "https://www.tenable.com/security/research/tra-2018-34",
- "refsource" : "MISC",
- "url" : "https://www.tenable.com/security/research/tra-2018-34"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01"
+ },
+ {
+ "name": "https://www.tenable.com/security/research/tra-2018-34",
+ "refsource": "MISC",
+ "url": "https://www.tenable.com/security/research/tra-2018-34"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4713.json b/2018/4xxx/CVE-2018-4713.json
index de90b6d1014..5214d861865 100644
--- a/2018/4xxx/CVE-2018-4713.json
+++ b/2018/4xxx/CVE-2018-4713.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4713",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4713",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7423.json b/2019/7xxx/CVE-2019-7423.json
index ffb6274db66..d799529bbe5 100644
--- a/2019/7xxx/CVE-2019-7423.json
+++ b/2019/7xxx/CVE-2019-7423.json
@@ -1,18 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7423",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7423",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/editProfile.jsp\" file in the userName parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html"
+ },
+ {
+ "url": "https://www.manageengine.com/products/netflow/?doc",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/products/netflow/?doc"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone",
+ "url": "http://seclists.org/fulldisclosure/2019/Feb/29"
+ }
+ ]
+ }
+}
\ No newline at end of file
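Review bot: The newly published CVE-2019-7423 record leaves every structured field at its placeholder: `vendor_name`, `product_name` and `version_value` under `affects`, and the `problemtype` value, are all `"n/a"`, while the description names Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 and states that the weakness is XSS. Tooling that matches on the structured fields rather than parsing the free-text description will not associate this entry with the product or with a weakness class. I would carry the description's facts into those fields, for example `"product_name": "ManageEngine Netflow Analyzer Professional"`, `"version_value": "7.0.0.2"` and a problemtype value of `"CWE-79"`. If `n/a` is the feed's convention for this assigner, downstream consumers need to fall back to the description text for this record.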