diff --git a/2004/0xxx/CVE-2004-0017.json b/2004/0xxx/CVE-2004-0017.json index 6d65b001372..82ba1316b25 100644 --- a/2004/0xxx/CVE-2004-0017.json +++ b/2004/0xxx/CVE-2004-0017.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-419", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-419" - }, - { - "name" : "9386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9386" - }, - { - "name" : "1008662", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008662" - }, - { - "name" : "10591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-419", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-419" + }, + { + "name": "9386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9386" + }, + { + "name": "1008662", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008662" + }, + { + "name": "10591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10591" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0275.json b/2004/0xxx/CVE-2004-0275.json index 521febecd0e..73002ee72e5 100644 --- a/2004/0xxx/CVE-2004-0275.json +++ b/2004/0xxx/CVE-2004-0275.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040211 ZH2004-05SA (security advisory): Sql Injection Vulnerability in BosDates", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107651618613575&w=2" - }, - { - "name" : "http://www.zone-h.org/en/advisories/read/id=3925/", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/en/advisories/read/id=3925/" - }, - { - "name" : "bosdates-calendar-sql-injection(15133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15133" - }, - { - "name" : "9639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040211 ZH2004-05SA (security advisory): Sql Injection Vulnerability in BosDates", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107651618613575&w=2" + }, + { + "name": "9639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9639" + }, + { + "name": "bosdates-calendar-sql-injection(15133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15133" + }, + { + "name": "http://www.zone-h.org/en/advisories/read/id=3925/", + "refsource": "MISC", + "url": "http://www.zone-h.org/en/advisories/read/id=3925/" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0288.json b/2004/0xxx/CVE-2004-0288.json index 98d6ad4edde..5a053be29e3 100644 --- a/2004/0xxx/CVE-2004-0288.json +++ b/2004/0xxx/CVE-2004-0288.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040215 Buffer overflow in mnoGoSearch", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107695139930726&w=2" - }, - { - "name" : "mnogosearch-udmdoctotextbuf-bo(15209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15209" - }, - { - "name" : "9667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mnogosearch-udmdoctotextbuf-bo(15209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15209" + }, + { + "name": "9667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9667" + }, + { + "name": "20040215 Buffer overflow in mnoGoSearch", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107695139930726&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0394.json b/2004/0xxx/CVE-2004-0394.json index 6e20c624999..211c87d437e 100644 --- a/2004/0xxx/CVE-2004-0394.json +++ b/2004/0xxx/CVE-2004-0394.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"potential\" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:846", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" - }, - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "GLSA-200407-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" - }, - { - "name" : "MDKSA-2004:037", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" - }, - { - "name" : "[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel)", - "refsource" : "MLIST", - "url" : "http://lwn.net/Articles/81773/" - }, - { - "name" : "ESA-20040428-004", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" - }, - { - "name" : "20040504-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc" - }, - { - "name" : "20040505-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc" - }, - { - "name" : "SuSE-SA:2004:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" - }, - { - "name" : "10233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10233" - }, - { - "name" : "20162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20162" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - }, - { - "name" : "linux-panic-bo(15953)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"potential\" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "10233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10233" + }, + { + "name": "SuSE-SA:2004:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "20162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20162" + }, + { + "name": "MDKSA-2004:037", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" + }, + { + "name": "linux-panic-bo(15953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15953" + }, + { + "name": "[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel)", + "refsource": "MLIST", + "url": "http://lwn.net/Articles/81773/" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "CLA-2004:846", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "20040504-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc" + }, + { + "name": "ESA-20040428-004", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" + }, + { + "name": "20040505-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "GLSA-200407-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0587.json b/2004/0xxx/CVE-2004-0587.json index dfc01594370..95151bbb27e 100644 --- a/2004/0xxx/CVE-2004-0587.json +++ b/2004/0xxx/CVE-2004-0587.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2004-186", - "refsource" : "FEDORA", - "url" : "http://lwn.net/Articles/91155/" - }, - { - "name" : "MDKSA-2004:066", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066" - }, - { - "name" : "RHSA-2004:413", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-413.html" - }, - { - "name" : "RHSA-2004:418", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-418.html" - }, - { - "name" : "20040804-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc" - }, - { - "name" : "SuSE-SA:2004:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" - }, - { - "name" : "10279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10279" - }, - { - "name" : "oval:org.mitre.oval:def:9398", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398" - }, - { - "name" : "1010057", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010057" - }, - { - "name" : "suse-hbaapinode-dos(16062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010057", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010057" + }, + { + "name": "RHSA-2004:413", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-413.html" + }, + { + "name": "RHSA-2004:418", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-418.html" + }, + { + "name": "oval:org.mitre.oval:def:9398", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398" + }, + { + "name": "SuSE-SA:2004:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" + }, + { + "name": "FEDORA-2004-186", + "refsource": "FEDORA", + "url": "http://lwn.net/Articles/91155/" + }, + { + "name": "suse-hbaapinode-dos(16062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16062" + }, + { + "name": "10279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10279" + }, + { + "name": "MDKSA-2004:066", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066" + }, + { + "name": "20040804-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1177.json b/2004/1xxx/CVE-2004-1177.json index 8056fbb6851..5610d44b456 100644 --- a/2004/1xxx/CVE-2004-1177.json +++ b/2004/1xxx/CVE-2004-1177.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050110 [USN-59-1] mailman vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110549296126351&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" - }, - { - "name" : "DSA-674", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-674" - }, - { - "name" : "MDKSA-2005:015", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" - }, - { - "name" : "RHSA-2005:235", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-235.html" - }, - { - "name" : "SUSE-SA:2005:007", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" - }, - { - "name" : "oval:org.mitre.oval:def:11113", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" - }, - { - "name" : "13603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13603" - }, - { - "name" : "mailman-script-driver-xss(18854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050110 [USN-59-1] mailman vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110549296126351&w=2" + }, + { + "name": "mailman-script-driver-xss(18854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" + }, + { + "name": "13603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13603" + }, + { + "name": "MDKSA-2005:015", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" + }, + { + "name": "SUSE-SA:2005:007", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" + }, + { + "name": "DSA-674", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-674" + }, + { + "name": "RHSA-2005:235", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-235.html" + }, + { + "name": "oval:org.mitre.oval:def:11113", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1495.json b/2004/1xxx/CVE-2004-1495.json index 574be9a6727..cfeb8008f40 100644 --- a/2004/1xxx/CVE-2004-1495.json +++ b/2004/1xxx/CVE-2004-1495.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041102 Medium Risk Vulnerability in WinRAR", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109941351432699&w=2" - }, - { - "name" : "http://www.rarlabs.com/rarnew.htm", - "refsource" : "CONFIRM", - "url" : "http://www.rarlabs.com/rarnew.htm" - }, - { - "name" : "11581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11581" - }, - { - "name" : "13070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13070" - }, - { - "name" : "winrar-repair-archive(17937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041102 Medium Risk Vulnerability in WinRAR", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109941351432699&w=2" + }, + { + "name": "13070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13070" + }, + { + "name": "winrar-repair-archive(17937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17937" + }, + { + "name": "http://www.rarlabs.com/rarnew.htm", + "refsource": "CONFIRM", + "url": "http://www.rarlabs.com/rarnew.htm" + }, + { + "name": "11581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11581" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1604.json b/2004/1xxx/CVE-2004-1604.json index 07067111210..925f7f425bf 100644 --- a/2004/1xxx/CVE-2004-1604.json +++ b/2004/1xxx/CVE-2004-1604.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041018 cPanel symlink chmod issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109811762230326&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041018 cPanel symlink chmod issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109811762230326&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1778.json b/2004/1xxx/CVE-2004-1778.json index e33754a91e1..a21e09dea57 100644 --- a/2004/1xxx/CVE-2004-1778.json +++ b/2004/1xxx/CVE-2004-1778.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041222 Permission problem in Skype BETA for linux", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110374568916303&w=2" - }, - { - "name" : "20050216 Re: Permission problem in Skype BETA for linux", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110868557905786&w=2" - }, - { - "name" : "12081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12081" - }, - { - "name" : "skype-lang-insecure-permissions(18644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050216 Re: Permission problem in Skype BETA for linux", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110868557905786&w=2" + }, + { + "name": "20041222 Permission problem in Skype BETA for linux", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110374568916303&w=2" + }, + { + "name": "12081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12081" + }, + { + "name": "skype-lang-insecure-permissions(18644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18644" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1935.json b/2004/1xxx/CVE-2004-1935.json index 9df7c726add..a0550681d48 100644 --- a/2004/1xxx/CVE-2004-1935.json +++ b/2004/1xxx/CVE-2004-1935.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040415 SCT javascript execution vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108207280917231&w=2" - }, - { - "name" : "10154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10154" - }, - { - "name" : "11396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11396" - }, - { - "name" : "sct-campus-attachment-xss(15878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11396" + }, + { + "name": "20040415 SCT javascript execution vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108207280917231&w=2" + }, + { + "name": "10154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10154" + }, + { + "name": "sct-campus-attachment-xss(15878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15878" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2577.json b/2004/2xxx/CVE-2004-2577.json index 2c27c057451..ae3fcee3f02 100644 --- a/2004/2xxx/CVE-2004-2577.json +++ b/2004/2xxx/CVE-2004-2577.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227" - }, - { - "name" : "12237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12237" - }, - { - "name" : "7618", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7618", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7618" + }, + { + "name": "12237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12237" + }, + { + "name": "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2149.json b/2008/2xxx/CVE-2008-2149.json index 7f046fc914b..ae5aae2058e 100644 --- a/2008/2xxx/CVE-2008-2149.json +++ b/2008/2xxx/CVE-2008-2149.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=211491", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=211491" - }, - { - "name" : "DSA-1634", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1634" - }, - { - "name" : "GLSA-200810-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml" - }, - { - "name" : "MDVSA-2008:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182" - }, - { - "name" : "29208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29208" - }, - { - "name" : "ADV-2008-1527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1527/references" - }, - { - "name" : "30242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30242" - }, - { - "name" : "31654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31654" - }, - { - "name" : "32184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32184" - }, - { - "name" : "wordnet-searchwn-bo(42378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30242" + }, + { + "name": "MDVSA-2008:182", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=211491", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=211491" + }, + { + "name": "31654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31654" + }, + { + "name": "32184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32184" + }, + { + "name": "wordnet-searchwn-bo(42378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378" + }, + { + "name": "DSA-1634", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1634" + }, + { + "name": "GLSA-200810-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml" + }, + { + "name": "ADV-2008-1527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1527/references" + }, + { + "name": "29208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29208" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2191.json b/2008/2xxx/CVE-2008-2191.json index c0703a68c27..e1f5a6122b2 100644 --- a/2008/2xxx/CVE-2008-2191.json +++ b/2008/2xxx/CVE-2008-2191.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080505 [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491606/100/0/threaded" - }, - { - "name" : "5541", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5541" - }, - { - "name" : "29046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29046" - }, - { - "name" : "3876", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3876" - }, - { - "name" : "pnencyclopedia-index-sql-injection(42185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pnencyclopedia-index-sql-injection(42185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42185" + }, + { + "name": "20080505 [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491606/100/0/threaded" + }, + { + "name": "3876", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3876" + }, + { + "name": "29046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29046" + }, + { + "name": "5541", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5541" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2453.json b/2008/2xxx/CVE-2008-2453.json index c33b1e51e22..273a29038b5 100644 --- a/2008/2xxx/CVE-2008-2453.json +++ b/2008/2xxx/CVE-2008-2453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5599", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5599" - }, - { - "name" : "29169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29169" - }, - { - "name" : "30209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30209" - }, - { - "name" : "phpclassifiedsscript-fatherid-sql-injection(42380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29169" + }, + { + "name": "30209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30209" + }, + { + "name": "phpclassifiedsscript-fatherid-sql-injection(42380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42380" + }, + { + "name": "5599", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5599" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2777.json b/2008/2xxx/CVE-2008-2777.json index f3c546cdd99..bf69b9ab66b 100644 --- a/2008/2xxx/CVE-2008-2777.json +++ b/2008/2xxx/CVE-2008-2777.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ortro.net/changelog#release_1.3.1_2008.05.27", - "refsource" : "CONFIRM", - "url" : "http://www.ortro.net/changelog#release_1.3.1_2008.05.27" - }, - { - "name" : "30398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30398" - }, - { - "name" : "ADV-2008-1679", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1679/references" - }, - { - "name" : "ortro-unspecified-xss(42657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1679", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1679/references" + }, + { + "name": "http://www.ortro.net/changelog#release_1.3.1_2008.05.27", + "refsource": "CONFIRM", + "url": "http://www.ortro.net/changelog#release_1.3.1_2008.05.27" + }, + { + "name": "ortro-unspecified-xss(42657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42657" + }, + { + "name": "30398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30398" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2786.json b/2008/2xxx/CVE-2008-2786.json index c19cbd219c9..66f77528bb1 100644 --- a/2008/2xxx/CVE-2008-2786.json +++ b/2008/2xxx/CVE-2008-2786.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080618 Coming soon : Firefox 3 Release overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html" - }, - { - "name" : "29794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29794" - }, - { - "name" : "mozilla-firefox-unspecified-bo(43317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29794" + }, + { + "name": "mozilla-firefox-unspecified-bo(43317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43317" + }, + { + "name": "20080618 Coming soon : Firefox 3 Release overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3035.json b/2008/3xxx/CVE-2008-3035.json index 12e32a79797..ac0d5ca5c3b 100644 --- a/2008/3xxx/CVE-2008-3035.json +++ b/2008/3xxx/CVE-2008-3035.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5991", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5991" - }, - { - "name" : "30059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30059" - }, - { - "name" : "30919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30919" - }, - { - "name" : "xchangeboard-newthread-sql-injection(43529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xchangeboard-newthread-sql-injection(43529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43529" + }, + { + "name": "5991", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5991" + }, + { + "name": "30059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30059" + }, + { + "name": "30919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30919" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3148.json b/2008/3xxx/CVE-2008-3148.json index d6891c228ed..4fb52ba6e86 100644 --- a/2008/3xxx/CVE-2008-3148.json +++ b/2008/3xxx/CVE-2008-3148.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6031", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6031" - }, - { - "name" : "30139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30139" - }, - { - "name" : "imprec-exportmacro-names-bo(43675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43675" - }, - { - "name" : "ollydbg-exportmacro-names-bo(43673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imprec-exportmacro-names-bo(43675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43675" + }, + { + "name": "6031", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6031" + }, + { + "name": "ollydbg-exportmacro-names-bo(43673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43673" + }, + { + "name": "30139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30139" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3252.json b/2008/3xxx/CVE-2008-3252.json index 6a6f28bb778..83cda92d541 100644 --- a/2008/3xxx/CVE-2008-3252.json +++ b/2008/3xxx/CVE-2008-3252.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=454483", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=454483" - }, - { - "name" : "DSA-1622", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1622" - }, - { - "name" : "FEDORA-2008-6319", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" - }, - { - "name" : "FEDORA-2008-6321", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" - }, - { - "name" : "30231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30231" - }, - { - "name" : "31080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31080" - }, - { - "name" : "31307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31307" - }, - { - "name" : "newsx-readarticle-bo(43844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "newsx-readarticle-bo(43844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" + }, + { + "name": "31307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31307" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454483", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454483" + }, + { + "name": "31080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31080" + }, + { + "name": "DSA-1622", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1622" + }, + { + "name": "30231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30231" + }, + { + "name": "FEDORA-2008-6321", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" + }, + { + "name": "FEDORA-2008-6319", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3956.json b/2008/3xxx/CVE-2008-3956.json index 0fc870f82de..e3035d66f42 100644 --- a/2008/3xxx/CVE-2008-3956.json +++ b/2008/3xxx/CVE-2008-3956.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nullcode.com.ar/ncs/crash/orgchart.htm", - "refsource" : "MISC", - "url" : "http://www.nullcode.com.ar/ncs/crash/orgchart.htm" - }, - { - "name" : "31059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31059" - }, - { - "name" : "microsoft-organizationchart-code-execution(44993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "microsoft-organizationchart-code-execution(44993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44993" + }, + { + "name": "http://www.nullcode.com.ar/ncs/crash/orgchart.htm", + "refsource": "MISC", + "url": "http://www.nullcode.com.ar/ncs/crash/orgchart.htm" + }, + { + "name": "31059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31059" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6398.json b/2008/6xxx/CVE-2008-6398.json index abe1faf5182..f092960949e 100644 --- a/2008/6xxx/CVE-2008-6398.json +++ b/2008/6xxx/CVE-2008-6398.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00283.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496407", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496407" - }, - { - "name" : "30965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30965" - }, - { - "name" : "sng-sngregress-symlink(44881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sng-sngregress-symlink(44881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44881" + }, + { + "name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00283.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496407", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496407" + }, + { + "name": "30965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30965" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6564.json b/2008/6xxx/CVE-2008-6564.json index e3280e917a4..ff8ff00e304 100644 --- a/2008/6xxx/CVE-2008-6564.json +++ b/2008/6xxx/CVE-2008-6564.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC", - "refsource" : "MISC", - "url" : "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455" - }, - { - "name" : "28691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28691" - }, - { - "name" : "44379", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44379" - }, - { - "name" : "1019847", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019847" - }, - { - "name" : "29747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29747" - }, - { - "name" : "nortel-unistim-dos(41801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455" + }, + { + "name": "nortel-unistim-dos(41801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41801" + }, + { + "name": "44379", + "refsource": "OSVDB", + "url": "http://osvdb.org/44379" + }, + { + "name": "29747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29747" + }, + { + "name": "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC", + "refsource": "MISC", + "url": "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC" + }, + { + "name": "28691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28691" + }, + { + "name": "1019847", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019847" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6669.json b/2008/6xxx/CVE-2008-6669.json index 30d125ff445..578875d8694 100644 --- a/2008/6xxx/CVE-2008-6669.json +++ b/2008/6xxx/CVE-2008-6669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5856", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5856" - }, - { - "name" : "29804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29804" - }, - { - "name" : "nweb2fax-viewrq-command-execution(43174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5856", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5856" + }, + { + "name": "29804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29804" + }, + { + "name": "nweb2fax-viewrq-command-execution(43174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43174" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6912.json b/2008/6xxx/CVE-2008-6912.json index 649511766ac..be87a5164a3 100644 --- a/2008/6xxx/CVE-2008-6912.json +++ b/2008/6xxx/CVE-2008-6912.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7066", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7066" - }, - { - "name" : "32222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32222" - }, - { - "name" : "49746", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49746" - }, - { - "name" : "ADV-2008-3069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3069" - }, - { - "name" : "shaadiclone-home-auth-bypass(46502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32222" + }, + { + "name": "ADV-2008-3069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3069" + }, + { + "name": "49746", + "refsource": "OSVDB", + "url": "http://osvdb.org/49746" + }, + { + "name": "7066", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7066" + }, + { + "name": "shaadiclone-home-auth-bypass(46502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46502" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6978.json b/2008/6xxx/CVE-2008-6978.json index d568d188d75..68e9138e526 100644 --- a/2008/6xxx/CVE-2008-6978.json +++ b/2008/6xxx/CVE-2008-6978.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6357", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6357" - }, - { - "name" : "6420", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6420" - }, - { - "name" : "30996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30996" - }, - { - "name" : "47913", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47913" - }, - { - "name" : "31649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31649" - }, - { - "name" : "aspwebalbum-image-file-upload(44876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31649" + }, + { + "name": "30996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30996" + }, + { + "name": "6420", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6420" + }, + { + "name": "6357", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6357" + }, + { + "name": "47913", + "refsource": "OSVDB", + "url": "http://osvdb.org/47913" + }, + { + "name": "aspwebalbum-image-file-upload(44876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44876" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6993.json b/2008/6xxx/CVE-2008-6993.json index 294a13abc97..789b643a98a 100644 --- a/2008/6xxx/CVE-2008-6993.json +++ b/2008/6xxx/CVE-2008-6993.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30973" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7037.json b/2008/7xxx/CVE-2008-7037.json index dd1ab8763f9..c0f57f4d04e 100644 --- a/2008/7xxx/CVE-2008-7037.json +++ b/2008/7xxx/CVE-2008-7037.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-02-04.pdf", - "refsource" : "MISC", - "url" : "http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-02-04.pdf" - }, - { - "name" : "27725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27725" - }, - { - "name" : "itnnewsgadget-shorttitle-xss(43563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "itnnewsgadget-shorttitle-xss(43563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43563" + }, + { + "name": "http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-02-04.pdf", + "refsource": "MISC", + "url": "http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-02-04.pdf" + }, + { + "name": "27725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27725" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2383.json b/2013/2xxx/CVE-2013-2383.json index 00d8fb7587a..7569addf884 100644 --- a/2013/2xxx/CVE-2013-2383.json +++ b/2013/2xxx/CVE-2013-2383.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"handling of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952708", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952708" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" - }, - { - "name" : "http://bugs.icu-project.org/trac/ticket/10107", - "refsource" : "CONFIRM", - "url" : "http://bugs.icu-project.org/trac/ticket/10107" - }, - { - "name" : "http://site.icu-project.org/download/51#TOC-Known-Issues", - "refsource" : "CONFIRM", - "url" : "http://site.icu-project.org/download/51#TOC-Known-Issues" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "APPLE-SA-2013-04-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02889", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "SSRT101252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "MDVSA-2013:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "RHSA-2013:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2013:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" - }, - { - "name" : "SUSE-SU-2013:0835", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" - }, - { - "name" : "SUSE-SU-2013:0871", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0934", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "59190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59190" - }, - { - "name" : "oval:org.mitre.oval:def:16564", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16564" - }, - { - "name" : "oval:org.mitre.oval:def:19291", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19291" - }, - { - "name" : "oval:org.mitre.oval:def:19725", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"handling of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16564", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16564" + }, + { + "name": "SUSE-SU-2013:0835", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" + }, + { + "name": "SUSE-SU-2013:0871", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" + }, + { + "name": "RHSA-2013:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html" + }, + { + "name": "http://site.icu-project.org/download/51#TOC-Known-Issues", + "refsource": "CONFIRM", + "url": "http://site.icu-project.org/download/51#TOC-Known-Issues" + }, + { + "name": "APPLE-SA-2013-04-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" + }, + { + "name": "MDVSA-2013:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" + }, + { + "name": "oval:org.mitre.oval:def:19291", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19291" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7" + }, + { + "name": "SSRT101252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "59190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59190" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" + }, + { + "name": "openSUSE-SU-2013:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "oval:org.mitre.oval:def:19725", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19725" + }, + { + "name": "openSUSE-SU-2013:0964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "http://bugs.icu-project.org/trac/ticket/10107", + "refsource": "CONFIRM", + "url": "http://bugs.icu-project.org/trac/ticket/10107" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "SUSE-SU-2013:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952708", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952708" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" + }, + { + "name": "SUSE-SU-2013:0934", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" + }, + { + "name": "HPSBUX02889", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2865.json b/2013/2xxx/CVE-2013-2865.json index 19795c5d1ca..9dc618069d2 100644 --- a/2013/2xxx/CVE-2013-2865.json +++ b/2013/2xxx/CVE-2013-2865.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=164263", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=164263" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=232763", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=232763" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=236245", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=236245" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=237429", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=237429" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=240057", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=240057" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242114", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242114" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242502", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242502" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=246389", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=246389" - }, - { - "name" : "DSA-2706", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2706" - }, - { - "name" : "oval:org.mitre.oval:def:16541", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=164263", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=164263" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=232763", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=232763" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242502", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242502" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=237429", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=237429" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242114", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242114" + }, + { + "name": "oval:org.mitre.oval:def:16541", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16541" + }, + { + "name": "DSA-2706", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2706" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=240057", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=240057" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=246389", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=246389" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=236245", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=236245" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11012.json b/2017/11xxx/CVE-2017-11012.json index d3b0f82f1e6..f9e42bf0646 100644 --- a/2017/11xxx/CVE-2017-11012.json +++ b/2017/11xxx/CVE-2017-11012.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11557.json b/2017/11xxx/CVE-2017-11557.json index 0ff38bb72f8..f24fc3abef1 100644 --- a/2017/11xxx/CVE-2017-11557.json +++ b/2017/11xxx/CVE-2017-11557.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11557", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11557", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11616.json b/2017/11xxx/CVE-2017-11616.json index c47ea4070b3..e1ef12f4cd1 100644 --- a/2017/11xxx/CVE-2017-11616.json +++ b/2017/11xxx/CVE-2017-11616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11616", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11616", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14060.json b/2017/14xxx/CVE-2017-14060.json index 802c634ceb0..cec624e3694 100644 --- a/2017/14xxx/CVE-2017-14060.json +++ b/2017/14xxx/CVE-2017-14060.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/710", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/710" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/710", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/710" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14215.json b/2017/14xxx/CVE-2017-14215.json index c17228d54b1..6e54f352457 100644 --- a/2017/14xxx/CVE-2017-14215.json +++ b/2017/14xxx/CVE-2017-14215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14295.json b/2017/14xxx/CVE-2017-14295.json index 711fa477ef6..f735fbb7f19 100644 --- a/2017/14xxx/CVE-2017-14295.json +++ b/2017/14xxx/CVE-2017-14295.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14295", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14295", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14295" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14859.json b/2017/14xxx/CVE-2017-14859.json index cf88ed51e5b..887222f6e1b 100644 --- a/2017/14xxx/CVE-2017-14859.json +++ b/2017/14xxx/CVE-2017-14859.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494780", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494780" - }, - { - "name" : "USN-3852-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3852-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3852-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3852-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494780", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494780" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15039.json b/2017/15xxx/CVE-2017-15039.json index 4afbbd8c69b..af9053c79ba 100644 --- a/2017/15xxx/CVE-2017-15039.json +++ b/2017/15xxx/CVE-2017-15039.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitbucket.org/zurmo/zurmo/issues/432/cross-site-scripting", - "refsource" : "MISC", - "url" : "https://bitbucket.org/zurmo/zurmo/issues/432/cross-site-scripting" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bitbucket.org/zurmo/zurmo/issues/432/cross-site-scripting", + "refsource": "MISC", + "url": "https://bitbucket.org/zurmo/zurmo/issues/432/cross-site-scripting" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15093.json b/2017/15xxx/CVE-2017-15093.json index 63765d69976..a7d69b4ba81 100644 --- a/2017/15xxx/CVE-2017-15093.json +++ b/2017/15xxx/CVE-2017-15093.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-11-27T00:00:00", - "ID" : "CVE-2017-15093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PowerDNS Recursor", - "version" : { - "version_data" : [ - { - "version_value" : "4.x up to and including 4.0.6" - }, - { - "version_value" : "3.x up to and including 3.7.4" - } - ] - } - } - ] - }, - "vendor_name" : "PowerDNS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-11-27T00:00:00", + "ID": "CVE-2017-15093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerDNS Recursor", + "version": { + "version_data": [ + { + "version_value": "4.x up to and including 4.0.6" + }, + { + "version_value": "3.x up to and including 3.7.4" + } + ] + } + } + ] + }, + "vendor_name": "PowerDNS" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html", - "refsource" : "CONFIRM", - "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html" - }, - { - "name" : "101982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101982" + }, + { + "name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html", + "refsource": "CONFIRM", + "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15933.json b/2017/15xxx/CVE-2017-15933.json index 7d6113ee7e7..e8555fe47cf 100644 --- a/2017/15xxx/CVE-2017-15933.json +++ b/2017/15xxx/CVE-2017-15933.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_device_index.php-SQL%20injection%20vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_device_index.php-SQL%20injection%20vulnerability" - }, - { - "name" : "101615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_device_index.php-SQL%20injection%20vulnerability", + "refsource": "MISC", + "url": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_device_index.php-SQL%20injection%20vulnerability" + }, + { + "name": "101615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101615" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15996.json b/2017/15xxx/CVE-2017-15996.json index ab155fbea1c..3cf41666206 100644 --- a/2017/15xxx/CVE-2017-15996.json +++ b/2017/15xxx/CVE-2017-15996.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22361" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - }, - { - "name" : "GLSA-201801-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-01" - }, - { - "name" : "101608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101608" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" + }, + { + "name": "GLSA-201801-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-01" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22361" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8603.json b/2017/8xxx/CVE-2017-8603.json index a8261e98a0a..7d5dc085b78 100644 --- a/2017/8xxx/CVE-2017-8603.json +++ b/2017/8xxx/CVE-2017-8603.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Edge" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "Microsoft Edge" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8603", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8603" - }, - { - "name" : "99406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99406" - }, - { - "name" : "1038849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038849" + }, + { + "name": "99406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99406" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8603", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8603" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9099.json b/2017/9xxx/CVE-2017-9099.json index 0d534fc660c..e9c752d4b7a 100644 --- a/2017/9xxx/CVE-2017-9099.json +++ b/2017/9xxx/CVE-2017-9099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9699.json b/2017/9xxx/CVE-2017-9699.json index d2933368c61..7b6b9b207a7 100644 --- a/2017/9xxx/CVE-2017-9699.json +++ b/2017/9xxx/CVE-2017-9699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000837.json b/2018/1000xxx/CVE-2018-1000837.json index 3e1980238f5..de7dbe55ef1 100644 --- a/2018/1000xxx/CVE-2018-1000837.json +++ b/2018/1000xxx/CVE-2018-1000837.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.473507", - "DATE_REQUESTED" : "2018-10-28T04:29:19", - "ID" : "CVE-2018-1000837", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UML Designer", - "version" : { - "version_data" : [ - { - "version_value" : "<= 8.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "UML Designer" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.473507", + "DATE_REQUESTED": "2018-10-28T04:29:19", + "ID": "CVE-2018-1000837", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/10/28/uml-designer-XXE/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/10/28/uml-designer-XXE/" - }, - { - "name" : "https://github.com/ObeoNetwork/UML-Designer/issues/1035", - "refsource" : "MISC", - "url" : "https://github.com/ObeoNetwork/UML-Designer/issues/1035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0dd.zone/2018/10/28/uml-designer-XXE/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/10/28/uml-designer-XXE/" + }, + { + "name": "https://github.com/ObeoNetwork/UML-Designer/issues/1035", + "refsource": "MISC", + "url": "https://github.com/ObeoNetwork/UML-Designer/issues/1035" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000887.json b/2018/1000xxx/CVE-2018-1000887.json index 37c13bda6f2..c63ad9a9c78 100644 --- a/2018/1000xxx/CVE-2018-1000887.json +++ b/2018/1000xxx/CVE-2018-1000887.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-26T20:07:07.995047", - "DATE_REQUESTED" : "2018-12-16T17:27:50", - "ID" : "CVE-2018-1000887", - "REQUESTER" : "jupitarsat@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "peel-shopping_9_1_0", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Peel shoping" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the \"Site Name EN\" parameter. This attack appears to be exploitable if the malicious user has access to the administration account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-26T20:07:07.995047", + "DATE_REQUESTED": "2018-12-16T17:27:50", + "ID": "CVE-2018-1000887", + "REQUESTER": "jupitarsat@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/advisto/peel-shopping/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/advisto/peel-shopping/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the \"Site Name EN\" parameter. This attack appears to be exploitable if the malicious user has access to the administration account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/advisto/peel-shopping/issues/1", + "refsource": "MISC", + "url": "https://github.com/advisto/peel-shopping/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12026.json b/2018/12xxx/CVE-2018-12026.json index f3723f4f454..61e5acda27a 100644 --- a/2018/12xxx/CVE-2018-12026.json +++ b/2018/12xxx/CVE-2018-12026.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.phusion.nl/passenger-5-3-2", - "refsource" : "MISC", - "url" : "https://blog.phusion.nl/passenger-5-3-2" - }, - { - "name" : "GLSA-201807-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201807-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.phusion.nl/passenger-5-3-2", + "refsource": "MISC", + "url": "https://blog.phusion.nl/passenger-5-3-2" + }, + { + "name": "GLSA-201807-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201807-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12390.json b/2018/12xxx/CVE-2018-12390.json index 9c0128cb67d..215018163dc 100644 --- a/2018/12xxx/CVE-2018-12390.json +++ b/2018/12xxx/CVE-2018-12390.json @@ -1,175 +1,175 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.3" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.3" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.3" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.3" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html" - }, - { - "name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" - }, - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-27/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-27/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-28/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-28/" - }, - { - "name" : "DSA-4324", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4324" - }, - { - "name" : "DSA-4337", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4337" - }, - { - "name" : "GLSA-201811-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-04" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:3005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3005" - }, - { - "name" : "RHSA-2018:3006", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3006" - }, - { - "name" : "RHSA-2018:3531", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3531" - }, - { - "name" : "RHSA-2018:3532", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3532" - }, - { - "name" : "USN-3801-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3801-1/" - }, - { - "name" : "USN-3868-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3868-1/" - }, - { - "name" : "105718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105718" - }, - { - "name" : "105769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105769" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105769" + }, + { + "name": "DSA-4324", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4324" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-28/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-28/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" + }, + { + "name": "GLSA-201811-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-04" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "DSA-4337", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4337" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-27/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-27/" + }, + { + "name": "RHSA-2018:3005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3005" + }, + { + "name": "105718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105718" + }, + { + "name": "RHSA-2018:3006", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3006" + }, + { + "name": "USN-3801-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3801-1/" + }, + { + "name": "USN-3868-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3868-1/" + }, + { + "name": "RHSA-2018:3532", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3532" + }, + { + "name": "RHSA-2018:3531", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3531" + }, + { + "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12464.json b/2018/12xxx/CVE-2018-12464.json index a9faea75324..14b6333f744 100644 --- a/2018/12xxx/CVE-2018-12464.json +++ b/2018/12xxx/CVE-2018-12464.json @@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-06-28T16:00:00.000Z", - "ID" : "CVE-2018-12464", - "STATE" : "PUBLIC", - "TITLE" : "Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Secure Messaging Gateway", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "471 " - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Mehmet INCE from PRODAFT" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 10, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthenticated SQL injection (CWE-89)" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-06-28T16:00:00.000Z", + "ID": "CVE-2018-12464", + "STATE": "PUBLIC", + "TITLE": "Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Secure Messaging Gateway", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "471 " + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45083", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45083/" - }, - { - "name" : "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/", - "refsource" : "CONFIRM", - "url" : "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/" - }, - { - "name" : "https://support.microfocus.com/kb/doc.php?id=7023132", - "refsource" : "CONFIRM", - "url" : "https://support.microfocus.com/kb/doc.php?id=7023132" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Please upgrade to Secure Messaging Gateway 471 or newer using the online update tool in the Secure Messaging Gateway management console." - } - ], - "source" : { - "defect" : [ - "GWAV-2258" - ], - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mehmet INCE from PRODAFT" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated SQL injection (CWE-89)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45083", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45083/" + }, + { + "name": "https://support.microfocus.com/kb/doc.php?id=7023132", + "refsource": "CONFIRM", + "url": "https://support.microfocus.com/kb/doc.php?id=7023132" + }, + { + "name": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/", + "refsource": "CONFIRM", + "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Please upgrade to Secure Messaging Gateway 471 or newer using the online update tool in the Secure Messaging Gateway management console." + } + ], + "source": { + "defect": [ + "GWAV-2258" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12862.json b/2018/12xxx/CVE-2018-12862.json index 0f07bae7a6a..f0970c16c22 100644 --- a/2018/12xxx/CVE-2018-12862.json +++ b/2018/12xxx/CVE-2018-12862.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105432" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105432" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13151.json b/2018/13xxx/CVE-2018-13151.json index 55439187712..3123e3ea357 100644 --- a/2018/13xxx/CVE-2018-13151.json +++ b/2018/13xxx/CVE-2018-13151.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13151", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13151", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13276.json b/2018/13xxx/CVE-2018-13276.json index b3e26bdad87..f9887f7b07d 100644 --- a/2018/13xxx/CVE-2018-13276.json +++ b/2018/13xxx/CVE-2018-13276.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13276", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13276", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13304.json b/2018/13xxx/CVE-2018-13304.json index a6c8f9632d9..26f711271d3 100644 --- a/2018/13xxx/CVE-2018-13304.json +++ b/2018/13xxx/CVE-2018-13304.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235", - "refsource" : "MISC", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235", + "refsource": "MISC", + "url": "https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13951.json b/2018/13xxx/CVE-2018-13951.json index c9b5c5629db..75178101b94 100644 --- a/2018/13xxx/CVE-2018-13951.json +++ b/2018/13xxx/CVE-2018-13951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13951", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13951", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16244.json b/2018/16xxx/CVE-2018-16244.json index a97e899f4c6..f24ae3dd0f2 100644 --- a/2018/16xxx/CVE-2018-16244.json +++ b/2018/16xxx/CVE-2018-16244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16641.json b/2018/16xxx/CVE-2018-16641.json index bf4489619df..518481e143e 100644 --- a/2018/16xxx/CVE-2018-16641.json +++ b/2018/16xxx/CVE-2018-16641.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1206", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1206", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1206" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16945.json b/2018/16xxx/CVE-2018-16945.json index 262bdc357ad..a764066149e 100644 --- a/2018/16xxx/CVE-2018-16945.json +++ b/2018/16xxx/CVE-2018-16945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4106.json b/2018/4xxx/CVE-2018-4106.json index c34d6e4ee5d..d600323a638 100644 --- a/2018/4xxx/CVE-2018-4106.json +++ b/2018/4xxx/CVE-2018-4106.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the \"Terminal\" component. It allows user-assisted attackers to inject arbitrary commands within pasted content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "103582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103582" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the \"Terminal\" component. It allows user-assisted attackers to inject arbitrary commands within pasted content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "103582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103582" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4196.json b/2018/4xxx/CVE-2018-4196.json index f8f4a7490fe..316e0ef2b9e 100644 --- a/2018/4xxx/CVE-2018-4196.json +++ b/2018/4xxx/CVE-2018-4196.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Accessibility Framework\" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Accessibility Framework\" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4696.json b/2018/4xxx/CVE-2018-4696.json index 3f4a5c0ac51..0ff0579e4e7 100644 --- a/2018/4xxx/CVE-2018-4696.json +++ b/2018/4xxx/CVE-2018-4696.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4696", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4696", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file