diff --git a/2004/0xxx/CVE-2004-0133.json b/2004/0xxx/CVE-2004-0133.json index e21df66ab2d..d619f756f2b 100644 --- a/2004/0xxx/CVE-2004-0133.json +++ b/2004/0xxx/CVE-2004-0133.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ESA-20040428-004", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" - }, - { - "name" : "GLSA-200407-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" - }, - { - "name" : "MDKSA-2004:029", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" - }, - { - "name" : "20040405-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc" - }, - { - "name" : "2004-0020", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=108213675028441&w=2" - }, - { - "name" : "10151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10151" - }, - { - "name" : "11362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11362" - }, - { - "name" : "linux-xfs-info-disclosure(15901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040405-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc" + }, + { + "name": "2004-0020", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=108213675028441&w=2" + }, + { + "name": "11362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11362" + }, + { + "name": "10151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10151" + }, + { + "name": "linux-xfs-info-disclosure(15901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15901" + }, + { + "name": "ESA-20040428-004", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" + }, + { + "name": "MDKSA-2004:029", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" + }, + { + "name": "GLSA-200407-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0601.json b/2004/0xxx/CVE-2004-0601.json index 13797b94949..ed6f67bf95f 100644 --- a/2004/0xxx/CVE-2004-0601.json +++ b/2004/0xxx/CVE-2004-0601.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://distcc.samba.org/ftp/distcc/distcc-2.17.NEWS", - "refsource" : "CONFIRM", - "url" : "http://distcc.samba.org/ftp/distcc/distcc-2.17.NEWS" - }, - { - "name" : "12711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12711/" - }, - { - "name" : "11319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11319" - }, - { - "name" : "distcc-ip-gain-privileges(17581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "distcc-ip-gain-privileges(17581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17581" + }, + { + "name": "12711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12711/" + }, + { + "name": "11319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11319" + }, + { + "name": "http://distcc.samba.org/ftp/distcc/distcc-2.17.NEWS", + "refsource": "CONFIRM", + "url": "http://distcc.samba.org/ftp/distcc/distcc-2.17.NEWS" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0794.json b/2004/0xxx/CVE-2004-0794.json index 5c32e5de73f..128c3965f23 100644 --- a/2004/0xxx/CVE-2004-0794.json +++ b/2004/0xxx/CVE-2004-0794.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html" - }, - { - "name" : "DSA-551", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-551" - }, - { - "name" : "NetBSD-SA2004-009", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc" - }, - { - "name" : "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html" - }, - { - "name" : "tnftpd-gain-access(17020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html" + }, + { + "name": "tnftpd-gain-access(17020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17020" + }, + { + "name": "DSA-551", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-551" + }, + { + "name": "20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html" + }, + { + "name": "NetBSD-SA2004-009", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0954.json b/2004/0xxx/CVE-2004-0954.json index 66ea7e88202..5cdf358df74 100644 --- a/2004/0xxx/CVE-2004-0954.json +++ b/2004/0xxx/CVE-2004-0954.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0954", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0597. Reason: This candidate is a reservation duplicate of CVE-2004-0597. Notes: All CVE users should reference CVE-2004-0597 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0954", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0597. Reason: This candidate is a reservation duplicate of CVE-2004-0597. Notes: All CVE users should reference CVE-2004-0597 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1540.json b/2004/1xxx/CVE-2004-1540.json index c5e2871cccb..c4a3bb6480b 100644 --- a/2004/1xxx/CVE-2004-1540.json +++ b/2004/1xxx/CVE-2004-1540.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041121 Router ZyXEL Prestige 650 HW http remote admin.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110116413414615&w=2" - }, - { - "name" : "20041124 Re: Router ZyXEL Prestige 650 HW http remote admin.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110135136811344&w=2" - }, - { - "name" : "11723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11723" - }, - { - "name" : "12108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12108" - }, - { - "name" : "1012298", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012298" - }, - { - "name" : "13278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13278" - }, - { - "name" : "zyxel-configuration-reset(18202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041121 Router ZyXEL Prestige 650 HW http remote admin.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110116413414615&w=2" + }, + { + "name": "12108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12108" + }, + { + "name": "11723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11723" + }, + { + "name": "13278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13278" + }, + { + "name": "zyxel-configuration-reset(18202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18202" + }, + { + "name": "20041124 Re: Router ZyXEL Prestige 650 HW http remote admin.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110135136811344&w=2" + }, + { + "name": "1012298", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012298" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1620.json b/2004/1xxx/CVE-2004-1620.json index 8680fe6b94f..c925ca614d1 100644 --- a/2004/1xxx/CVE-2004-1620.json +++ b/2004/1xxx/CVE-2004-1620.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041021 HTTP Response Splitting in Serendipity 0.7-beta4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109841283115808&w=2" - }, - { - "name" : "http://www.s9y.org/5.html", - "refsource" : "CONFIRM", - "url" : "http://www.s9y.org/5.html" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=276694", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=276694" - }, - { - "name" : "11497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11497" - }, - { - "name" : "11013", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11013" - }, - { - "name" : "11038", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11038" - }, - { - "name" : "11039", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11039" - }, - { - "name" : "1011864", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011864" - }, - { - "name" : "12909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12909/" - }, - { - "name" : "serendipity-response-splitting(17798)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041021 HTTP Response Splitting in Serendipity 0.7-beta4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109841283115808&w=2" + }, + { + "name": "http://www.s9y.org/5.html", + "refsource": "CONFIRM", + "url": "http://www.s9y.org/5.html" + }, + { + "name": "11497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11497" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup" + }, + { + "name": "serendipity-response-splitting(17798)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798" + }, + { + "name": "11039", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11039" + }, + { + "name": "1011864", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011864" + }, + { + "name": "11038", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11038" + }, + { + "name": "12909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12909/" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=276694", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=276694" + }, + { + "name": "11013", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11013" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1771.json b/2004/1xxx/CVE-2004-1771.json index 05b449b5c70..2921cdf624e 100644 --- a/2004/1xxx/CVE-2004-1771.json +++ b/2004/1xxx/CVE-2004-1771.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=1060", - "refsource" : "MISC", - "url" : "http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=1060" - }, - { - "name" : "14675", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14675" - }, - { - "name" : "1013553", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013553" - }, - { - "name" : "ogo-permission-information-disclosure(19820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=1060", + "refsource": "MISC", + "url": "http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=1060" + }, + { + "name": "ogo-permission-information-disclosure(19820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19820" + }, + { + "name": "1013553", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013553" + }, + { + "name": "14675", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14675" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2771.json b/2004/2xxx/CVE-2004-2771.json index 533f36c9003..eb331a58c00 100644 --- a/2004/2xxx/CVE-2004-2771.json +++ b/2004/2xxx/CVE-2004-2771.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2004-2771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/1066" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1999.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1999.html" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748" - }, - { - "name" : "DSA-3105", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3105" - }, - { - "name" : "RHSA-2014:1999", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1999.html" - }, - { - "name" : "60940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60940" - }, - { - "name" : "61585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61585" - }, - { - "name" : "61693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1999.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html" + }, + { + "name": "DSA-3105", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3105" + }, + { + "name": "61693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61693" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748" + }, + { + "name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/1066" + }, + { + "name": "60940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60940" + }, + { + "name": "61585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61585" + }, + { + "name": "RHSA-2014:1999", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2242.json b/2008/2xxx/CVE-2008-2242.json index d9397a3263a..15761b9f551 100644 --- a/2008/2xxx/CVE-2008-2242.json +++ b/2008/2xxx/CVE-2008-2242.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080519 CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492274/100/0/threaded" - }, - { - "name" : "20080519 ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492291/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-026/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-026/" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798" - }, - { - "name" : "29283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29283" - }, - { - "name" : "ADV-2008-1573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1573/references" - }, - { - "name" : "1020044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020044" - }, - { - "name" : "30300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30300" - }, - { - "name" : "ca-arcservebackup-xdrrwsstring-bo(42527)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-026/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-026/" + }, + { + "name": "29283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29283" + }, + { + "name": "30300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30300" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798" + }, + { + "name": "20080519 ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492291/100/0/threaded" + }, + { + "name": "ADV-2008-1573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1573/references" + }, + { + "name": "1020044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020044" + }, + { + "name": "ca-arcservebackup-xdrrwsstring-bo(42527)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42527" + }, + { + "name": "20080519 CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492274/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2455.json b/2008/2xxx/CVE-2008-2455.json index 6149d9eac6d..52f66f3a1b5 100644 --- a/2008/2xxx/CVE-2008-2455.json +++ b/2008/2xxx/CVE-2008-2455.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5604", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5604" - }, - { - "name" : "29181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29181" - }, - { - "name" : "30212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30212" - }, - { - "name" : "blogengine-comment-sql-injection(42386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30212" + }, + { + "name": "5604", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5604" + }, + { + "name": "blogengine-comment-sql-injection(42386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42386" + }, + { + "name": "29181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29181" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2780.json b/2008/2xxx/CVE-2008-2780.json index 54c4585808b..87beb26cd4b 100644 --- a/2008/2xxx/CVE-2008-2780.json +++ b/2008/2xxx/CVE-2008-2780.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2", - "refsource" : "CONFIRM", - "url" : "https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2" - }, - { - "name" : "ADV-2008-1663", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1663/references" - }, - { - "name" : "30388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30388" - }, - { - "name" : "anubis-filesize-information-disclosure(42652)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2", + "refsource": "CONFIRM", + "url": "https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2" + }, + { + "name": "ADV-2008-1663", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1663/references" + }, + { + "name": "anubis-filesize-information-disclosure(42652)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42652" + }, + { + "name": "30388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30388" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2949.json b/2008/2xxx/CVE-2008-2949.json index 17d9644dd17..aa8d77f7217 100644 --- a/2008/2xxx/CVE-2008-2949.json +++ b/2008/2xxx/CVE-2008-2949.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/security/?p=1348", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=1348" - }, - { - "name" : "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html", - "refsource" : "MISC", - "url" : "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html" - }, - { - "name" : "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD", - "refsource" : "MISC", - "url" : "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD" - }, - { - "name" : "VU#516627", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/516627" - }, - { - "name" : "ADV-2008-1941", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1941/references" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1941", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1941/references" + }, + { + "name": "VU#516627", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/516627" + }, + { + "name": "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD", + "refsource": "MISC", + "url": "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD" + }, + { + "name": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html", + "refsource": "MISC", + "url": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html" + }, + { + "name": "http://blogs.zdnet.com/security/?p=1348", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=1348" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3053.json b/2008/3xxx/CVE-2008-3053.json index 1c2510e3740..25a12b7e864 100644 --- a/2008/3xxx/CVE-2008-3053.json +++ b/2008/3xxx/CVE-2008-3053.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" - }, - { - "name" : "30051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30051" - }, - { - "name" : "30885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30885" - }, - { - "name" : "sqlfrontend-sql-injection(43483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" + }, + { + "name": "30885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30885" + }, + { + "name": "30051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30051" + }, + { + "name": "sqlfrontend-sql-injection(43483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43483" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3095.json b/2008/3xxx/CVE-2008-3095.json index 3843e957e0f..6334f5478b7 100644 --- a/2008/3xxx/CVE-2008-3095.json +++ b/2008/3xxx/CVE-2008-3095.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/277873", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/277873" - }, - { - "name" : "30070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30070" - }, - { - "name" : "30928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30928" - }, - { - "name" : "organic-groups-unspecified-xss(43572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30070" + }, + { + "name": "http://drupal.org/node/277873", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/277873" + }, + { + "name": "30928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30928" + }, + { + "name": "organic-groups-unspecified-xss(43572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43572" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3668.json b/2008/3xxx/CVE-2008-3668.json index 78e12030b8e..53488195ddd 100644 --- a/2008/3xxx/CVE-2008-3668.json +++ b/2008/3xxx/CVE-2008-3668.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html" - }, - { - "name" : "30618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30618" - }, - { - "name" : "30619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30619" - }, - { - "name" : "yogurtsocialnetwork-scrapbook-xss(44387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44387" - }, - { - "name" : "yogurtsocialnetwork-uid-xss(44385)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yogurtsocialnetwork-scrapbook-xss(44387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44387" + }, + { + "name": "30618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30618" + }, + { + "name": "yogurtsocialnetwork-uid-xss(44385)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44385" + }, + { + "name": "http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html" + }, + { + "name": "30619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30619" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3825.json b/2008/3xxx/CVE-2008-3825.json index ca3c727a5a6..f62937820d3 100644 --- a/2008/3xxx/CVE-2008-3825.json +++ b/2008/3xxx/CVE-2008-3825.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=461960", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=461960" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2008-8605", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html" - }, - { - "name" : "FEDORA-2008-8618", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html" - }, - { - "name" : "MDVSA-2008:209", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:209" - }, - { - "name" : "RHSA-2008:0907", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0907.html" - }, - { - "name" : "SUSE-SR:2008:027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" - }, - { - "name" : "31534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31534" - }, - { - "name" : "oval:org.mitre.oval:def:10923", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923" - }, - { - "name" : "1020978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020978" - }, - { - "name" : "32119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32119" - }, - { - "name" : "32135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32135" - }, - { - "name" : "32174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32174" - }, - { - "name" : "43314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43314" - }, - { - "name" : "pamkrb5-existingticket-privilege-escalation(45635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=461960", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461960" + }, + { + "name": "pamkrb5-existingticket-privilege-escalation(45635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45635" + }, + { + "name": "RHSA-2008:0907", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0907.html" + }, + { + "name": "1020978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020978" + }, + { + "name": "MDVSA-2008:209", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:209" + }, + { + "name": "32135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32135" + }, + { + "name": "SUSE-SR:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" + }, + { + "name": "43314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43314" + }, + { + "name": "32119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32119" + }, + { + "name": "32174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32174" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "FEDORA-2008-8605", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html" + }, + { + "name": "FEDORA-2008-8618", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10923", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923" + }, + { + "name": "31534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31534" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6228.json b/2008/6xxx/CVE-2008-6228.json index 9dd64ed63e3..41b13d51dec 100644 --- a/2008/6xxx/CVE-2008-6228.json +++ b/2008/6xxx/CVE-2008-6228.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to \"admin\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6999", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6999" - }, - { - "name" : "ADV-2008-3018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3018" - }, - { - "name" : "pmvsm-cookie-authentication-bypass(46388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to \"admin\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3018" + }, + { + "name": "pmvsm-cookie-authentication-bypass(46388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46388" + }, + { + "name": "6999", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6999" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6259.json b/2008/6xxx/CVE-2008-6259.json index 6e2db568ee5..b8ca5913f9a 100644 --- a/2008/6xxx/CVE-2008-6259.json +++ b/2008/6xxx/CVE-2008-6259.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7141", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7141" - }, - { - "name" : "32329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32329" - }, - { - "name" : "32742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32742" - }, - { - "name" : "qshop-search-xss(46650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qshop-search-xss(46650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46650" + }, + { + "name": "7141", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7141" + }, + { + "name": "32329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32329" + }, + { + "name": "32742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32742" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6283.json b/2008/6xxx/CVE-2008-6283.json index 3d206039874..76547cbfd31 100644 --- a/2008/6xxx/CVE-2008-6283.json +++ b/2008/6xxx/CVE-2008-6283.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to \"the feature which converts URLs to anchor tags.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://haacked.com/archive/2008/11/27/subtext-2.1-security-update.aspx", - "refsource" : "MISC", - "url" : "http://haacked.com/archive/2008/11/27/subtext-2.1-security-update.aspx" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=643458&group_id=137896", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=643458&group_id=137896" - }, - { - "name" : "32513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32513" - }, - { - "name" : "50235", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50235" - }, - { - "name" : "32914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32914" - }, - { - "name" : "subtext-anchortag-xss(46937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to \"the feature which converts URLs to anchor tags.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32914" + }, + { + "name": "http://haacked.com/archive/2008/11/27/subtext-2.1-security-update.aspx", + "refsource": "MISC", + "url": "http://haacked.com/archive/2008/11/27/subtext-2.1-security-update.aspx" + }, + { + "name": "32513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32513" + }, + { + "name": "50235", + "refsource": "OSVDB", + "url": "http://osvdb.org/50235" + }, + { + "name": "subtext-anchortag-xss(46937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46937" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=643458&group_id=137896", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=643458&group_id=137896" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7130.json b/2008/7xxx/CVE-2008-7130.json index a0b3853c434..3f91ae1c10b 100644 --- a/2008/7xxx/CVE-2008-7130.json +++ b/2008/7xxx/CVE-2008-7130.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=797405", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=797405" - }, - { - "name" : "28253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28253" - }, - { - "name" : "43113", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43113" - }, - { - "name" : "29367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29367" - }, - { - "name" : "ibm-db2-monitoring-unspecified-file-upload(41211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-db2-monitoring-unspecified-file-upload(41211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41211" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=797405", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=797405" + }, + { + "name": "28253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28253" + }, + { + "name": "43113", + "refsource": "OSVDB", + "url": "http://osvdb.org/43113" + }, + { + "name": "29367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29367" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7159.json b/2008/7xxx/CVE-2008-7159.json index 2019d67238a..a55cd4a695b 100644 --- a/2008/7xxx/CVE-2008-7159.json +++ b/2008/7xxx/CVE-2008-7159.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090831 CVE id request: silc-toolkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/31/5" - }, - { - "name" : "[oss-security] 20090903 Re: CVE id request: silc-toolkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/03/5" - }, - { - "name" : "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8" - }, - { - "name" : "http://silcnet.org/general/news/news_toolkit.php", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/general/news/news_toolkit.php" - }, - { - "name" : "DSA-1879", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1879" - }, - { - "name" : "MDVSA-2009:234", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:234" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "36192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36192" - }, - { - "name" : "36614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36614" - }, - { - "name" : "36625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36625" - }, - { - "name" : "silctoolkit-silcasn1encoder-format-string(53477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36625" + }, + { + "name": "silctoolkit-silcasn1encoder-format-string(53477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53477" + }, + { + "name": "[oss-security] 20090831 CVE id request: silc-toolkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/31/5" + }, + { + "name": "36614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36614" + }, + { + "name": "[oss-security] 20090903 Re: CVE id request: silc-toolkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/03/5" + }, + { + "name": "DSA-1879", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1879" + }, + { + "name": "36192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36192" + }, + { + "name": "http://silcnet.org/general/news/news_toolkit.php", + "refsource": "CONFIRM", + "url": "http://silcnet.org/general/news/news_toolkit.php" + }, + { + "name": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8", + "refsource": "CONFIRM", + "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "MDVSA-2009:234", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:234" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2331.json b/2013/2xxx/CVE-2013-2331.json index 6646d80fc6b..bc9d841a8c5 100644 --- a/2013/2xxx/CVE-2013-2331.json +++ b/2013/2xxx/CVE-2013-2331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02883", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101051", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101227", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101227", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "SSRT101051", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "HPSBMU02883", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11024.json b/2017/11xxx/CVE-2017-11024.json index 9fff5cb71cc..643904d26a7 100644 --- a/2017/11xxx/CVE-2017-11024.json +++ b/2017/11xxx/CVE-2017-11024.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11235.json b/2017/11xxx/CVE-2017-11235.json index 590d9aa888a..79bb4ba6997 100644 --- a/2017/11xxx/CVE-2017-11235.json +++ b/2017/11xxx/CVE-2017-11235.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100182" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100182" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11351.json b/2017/11xxx/CVE-2017-11351.json index a0a29d41b92..214079b1190 100644 --- a/2017/11xxx/CVE-2017-11351.json +++ b/2017/11xxx/CVE-2017-11351.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-axesstel.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-axesstel.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-axesstel.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-axesstel.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11437.json b/2017/11xxx/CVE-2017-11437.json index ea8e8ffd7a9..08a244b1f26 100644 --- a/2017/11xxx/CVE-2017-11437.json +++ b/2017/11xxx/CVE-2017-11437.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11841.json b/2017/11xxx/CVE-2017-11841.json index 92d583fb635..df8c27b089f 100644 --- a/2017/11xxx/CVE-2017-11841.json +++ b/2017/11xxx/CVE-2017-11841.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43181", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43181/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841" - }, - { - "name" : "101733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101733" - }, - { - "name" : "1039780", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43181", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43181/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841" + }, + { + "name": "1039780", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039780" + }, + { + "name": "101733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101733" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11892.json b/2017/11xxx/CVE-2017-11892.json index e7211ef8d12..999c243a40e 100644 --- a/2017/11xxx/CVE-2017-11892.json +++ b/2017/11xxx/CVE-2017-11892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14202.json b/2017/14xxx/CVE-2017-14202.json index 0ac05a837eb..7926dcef42b 100644 --- a/2017/14xxx/CVE-2017-14202.json +++ b/2017/14xxx/CVE-2017-14202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14366.json b/2017/14xxx/CVE-2017-14366.json index 7f25400464c..f14aada13b4 100644 --- a/2017/14xxx/CVE-2017-14366.json +++ b/2017/14xxx/CVE-2017-14366.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14366", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14366", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14372.json b/2017/14xxx/CVE-2017-14372.json index 481ad6549f7..b7392b95553 100644 --- a/2017/14xxx/CVE-2017-14372.json +++ b/2017/14xxx/CVE-2017-14372.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-14372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Archer GRC Platform prior to 6.2.0.5", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Archer GRC Platform prior to 6.2.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-14372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Archer GRC Platform prior to 6.2.0.5", + "version": { + "version_data": [ + { + "version_value": "RSA Archer GRC Platform prior to 6.2.0.5" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Oct/12", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Oct/12" - }, - { - "name" : "101195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101195" - }, - { - "name" : "1039518", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101195" + }, + { + "name": "1039518", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039518" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Oct/12", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Oct/12" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15003.json b/2017/15xxx/CVE-2017-15003.json index b9c1dabf0fd..91dc72689fb 100644 --- a/2017/15xxx/CVE-2017-15003.json +++ b/2017/15xxx/CVE-2017-15003.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15003", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15003", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15344.json b/2017/15xxx/CVE-2017-15344.json index 7b6c6fa5996..baee5c1ea42 100644 --- a/2017/15xxx/CVE-2017-15344.json +++ b/2017/15xxx/CVE-2017-15344.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AR3200", - "version" : { - "version_data" : [ - { - "version_value" : "V200R006C10,V200R006C11,V200R007C00,V200R007C01,V200R007C02,V200R008C00,V200R008C10,V200R008C20,V200R008C30" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "integer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AR3200", + "version": { + "version_data": [ + { + "version_value": "V200R006C10,V200R006C11,V200R007C00,V200R007C01,V200R007C02,V200R008C00,V200R008C10,V200R008C20,V200R008C30" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8214.json b/2017/8xxx/CVE-2017-8214.json index 47b18cb7505..f60950986c0 100644 --- a/2017/8xxx/CVE-2017-8214.json +++ b/2017/8xxx/CVE-2017-8214.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto", - "version" : { - "version_data" : [ - { - "version_value" : "versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unlpermission controlock code verification bypassing" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto", + "version": { + "version_data": [ + { + "version_value": "versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unlpermission controlock code verification bypassing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8697.json b/2017/8xxx/CVE-2017-8697.json index 50785804225..32476fee0a1 100644 --- a/2017/8xxx/CVE-2017-8697.json +++ b/2017/8xxx/CVE-2017-8697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8729.json b/2017/8xxx/CVE-2017-8729.json index e9e9b535500..895967fade2 100644 --- a/2017/8xxx/CVE-2017-8729.json +++ b/2017/8xxx/CVE-2017-8729.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1703" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1703" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42763", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42763/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729" - }, - { - "name" : "100733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100733" - }, - { - "name" : "1039342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100733" + }, + { + "name": "1039342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039342" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729" + }, + { + "name": "42763", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42763/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9889.json b/2017/9xxx/CVE-2017-9889.json index 9a92356611c..71524429232 100644 --- a/2017/9xxx/CVE-2017-9889.json +++ b/2017/9xxx/CVE-2017-9889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9889", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9889" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9889", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9889" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000550.json b/2018/1000xxx/CVE-2018-1000550.json index fc081cf79dc..42233293bc9 100644 --- a/2018/1000xxx/CVE-2018-1000550.json +++ b/2018/1000xxx/CVE-2018-1000550.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.073045", - "DATE_REQUESTED" : "2018-04-19T15:27:54", - "ID" : "CVE-2018-1000550", - "REQUESTER" : "ikeda@conversion.co.jp", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sympa", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 6.2.32" - } - ] - } - } - ] - }, - "vendor_name" : "The Sympa Community" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.073045", + "DATE_REQUESTED": "2018-04-19T15:27:54", + "ID": "CVE-2018-1000550", + "REQUESTER": "ikeda@conversion.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html" - }, - { - "name" : "https://sympa-community.github.io/security/2018-001.html", - "refsource" : "MISC", - "url" : "https://sympa-community.github.io/security/2018-001.html" - }, - { - "name" : "DSA-4285", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sympa-community.github.io/security/2018-001.html", + "refsource": "MISC", + "url": "https://sympa-community.github.io/security/2018-001.html" + }, + { + "name": "DSA-4285", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4285" + }, + { + "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000649.json b/2018/1000xxx/CVE-2018-1000649.json index 64c42f54df7..104ffde9b98 100644 --- a/2018/1000xxx/CVE-2018-1000649.json +++ b/2018/1000xxx/CVE-2018-1000649.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.125159", - "DATE_REQUESTED" : "2018-08-08T14:41:59", - "ID" : "CVE-2018-1000649", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "lh-ehr", - "version" : { - "version_data" : [ - { - "version_value" : "REL-2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "LibreHealthIO" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authenticated Unrestricted File Write in letter.php (2) " - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.125159", + "DATE_REQUESTED": "2018-08-08T14:41:59", + "ID": "CVE-2018-1000649", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/" - }, - { - "name" : "https://github.com/LibreHealthIO/lh-ehr/issues/1214", - "refsource" : "MISC", - "url" : "https://github.com/LibreHealthIO/lh-ehr/issues/1214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibreHealthIO/lh-ehr/issues/1214", + "refsource": "MISC", + "url": "https://github.com/LibreHealthIO/lh-ehr/issues/1214" + }, + { + "name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12596.json b/2018/12xxx/CVE-2018-12596.json index 039c4c41688..e456322dc08 100644 --- a/2018/12xxx/CVE-2018-12596.json +++ b/2018/12xxx/CVE-2018-12596.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the \"activateuser.aspx\" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45577", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45577/" - }, - { - "name" : "20181008 Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/15" - }, - { - "name" : "https://github.com/alt3kx/CVE-2018-12596", - "refsource" : "MISC", - "url" : "https://github.com/alt3kx/CVE-2018-12596" - }, - { - "name" : "https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158", - "refsource" : "MISC", - "url" : "https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the \"activateuser.aspx\" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45577", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45577/" + }, + { + "name": "20181008 Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/15" + }, + { + "name": "https://github.com/alt3kx/CVE-2018-12596", + "refsource": "MISC", + "url": "https://github.com/alt3kx/CVE-2018-12596" + }, + { + "name": "https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158", + "refsource": "MISC", + "url": "https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13058.json b/2018/13xxx/CVE-2018-13058.json index 23e7f2a9e96..1af87ac7565 100644 --- a/2018/13xxx/CVE-2018-13058.json +++ b/2018/13xxx/CVE-2018-13058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13090.json b/2018/13xxx/CVE-2018-13090.json index fb4fcf762f0..331655a41a0 100644 --- a/2018/13xxx/CVE-2018-13090.json +++ b/2018/13xxx/CVE-2018-13090.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13121.json b/2018/13xxx/CVE-2018-13121.json index 72e47487738..63bab2fc337 100644 --- a/2018/13xxx/CVE-2018-13121.json +++ b/2018/13xxx/CVE-2018-13121.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/921580451/RealOnePlayer-sBug/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/921580451/RealOnePlayer-sBug/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/921580451/RealOnePlayer-sBug/issues/1", + "refsource": "MISC", + "url": "https://github.com/921580451/RealOnePlayer-sBug/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13829.json b/2018/13xxx/CVE-2018-13829.json index 62688086d0a..9fd07795b6c 100644 --- a/2018/13xxx/CVE-2018-13829.json +++ b/2018/13xxx/CVE-2018-13829.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13829", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13829", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16088.json b/2018/16xxx/CVE-2018-16088.json index a0f7e5954dd..1960d2862ba 100644 --- a/2018/16xxx/CVE-2018-16088.json +++ b/2018/16xxx/CVE-2018-16088.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-16088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Policy bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-16088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/848531", - "refsource" : "MISC", - "url" : "https://crbug.com/848531" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:2666", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Policy bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/848531", + "refsource": "MISC", + "url": "https://crbug.com/848531" + }, + { + "name": "RHSA-2018:2666", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2666" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16195.json b/2018/16xxx/CVE-2018-16195.json index c7b195d292f..8cdfd5b5467 100644 --- a/2018/16xxx/CVE-2018-16195.json +++ b/2018/16xxx/CVE-2018-16195.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aterm WF1200CR and Aterm WG1200CR", - "version" : { - "version_data" : [ - { - "version_value" : "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm WF1200CR and Aterm WG1200CR", + "version": { + "version_data": [ + { + "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-021.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-021.html" - }, - { - "name" : "JVN#87535892", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN87535892/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#87535892", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN87535892/index.html" + }, + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16454.json b/2018/16xxx/CVE-2018-16454.json index b2d37229eb7..f84093c03a7 100644 --- a/2018/16xxx/CVE-2018-16454.json +++ b/2018/16xxx/CVE-2018-16454.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://googlequeens.com/2018/09/04/cve-2018-16454-currency-converter-script-2-0-5-has-buffer-overflow", - "refsource" : "MISC", - "url" : "https://googlequeens.com/2018/09/04/cve-2018-16454-currency-converter-script-2-0-5-has-buffer-overflow" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://googlequeens.com/2018/09/04/cve-2018-16454-currency-converter-script-2-0-5-has-buffer-overflow", + "refsource": "MISC", + "url": "https://googlequeens.com/2018/09/04/cve-2018-16454-currency-converter-script-2-0-5-has-buffer-overflow" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16685.json b/2018/16xxx/CVE-2018-16685.json index 18ce9a69258..98d1f32793a 100644 --- a/2018/16xxx/CVE-2018-16685.json +++ b/2018/16xxx/CVE-2018-16685.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16685", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16685", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16718.json b/2018/16xxx/CVE-2018-16718.json index 6bce04aff57..05b233594e8 100644 --- a/2018/16xxx/CVE-2018-16718.json +++ b/2018/16xxx/CVE-2018-16718.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16718", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16718", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4049.json b/2018/4xxx/CVE-2018-4049.json index 613122e1528..77da08a0c10 100644 --- a/2018/4xxx/CVE-2018-4049.json +++ b/2018/4xxx/CVE-2018-4049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4049", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4049", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4574.json b/2018/4xxx/CVE-2018-4574.json index 6f9611ad418..1d31d0ec257 100644 --- a/2018/4xxx/CVE-2018-4574.json +++ b/2018/4xxx/CVE-2018-4574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4574", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4574", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4699.json b/2018/4xxx/CVE-2018-4699.json index f0fd49c932b..ff3ef08e42d 100644 --- a/2018/4xxx/CVE-2018-4699.json +++ b/2018/4xxx/CVE-2018-4699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4822.json b/2018/4xxx/CVE-2018-4822.json index 98683162ec6..9f0d4c6d942 100644 --- a/2018/4xxx/CVE-2018-4822.json +++ b/2018/4xxx/CVE-2018-4822.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4822", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4822", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file