From 24e79b9c96cfd0c207138fcb5dfeb277db8191f9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:43:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/1xxx/CVE-2003-1205.json | 160 ++++++++-------- 2003/1xxx/CVE-2003-1234.json | 200 ++++++++++---------- 2003/1xxx/CVE-2003-1564.json | 170 ++++++++--------- 2004/0xxx/CVE-2004-0008.json | 320 +++++++++++++++---------------- 2004/0xxx/CVE-2004-0357.json | 160 ++++++++-------- 2004/0xxx/CVE-2004-0430.json | 180 +++++++++--------- 2004/0xxx/CVE-2004-0633.json | 240 ++++++++++++------------ 2004/0xxx/CVE-2004-0764.json | 240 ++++++++++++------------ 2004/1xxx/CVE-2004-1222.json | 140 +++++++------- 2004/1xxx/CVE-2004-1503.json | 150 +++++++-------- 2004/1xxx/CVE-2004-1639.json | 140 +++++++------- 2004/1xxx/CVE-2004-1657.json | 160 ++++++++-------- 2004/1xxx/CVE-2004-1699.json | 150 +++++++-------- 2004/2xxx/CVE-2004-2342.json | 170 ++++++++--------- 2004/2xxx/CVE-2004-2673.json | 170 ++++++++--------- 2004/2xxx/CVE-2004-2738.json | 180 +++++++++--------- 2008/2xxx/CVE-2008-2498.json | 160 ++++++++-------- 2008/2xxx/CVE-2008-2840.json | 140 +++++++------- 2008/6xxx/CVE-2008-6178.json | 160 ++++++++-------- 2008/6xxx/CVE-2008-6762.json | 150 +++++++-------- 2008/6xxx/CVE-2008-6899.json | 150 +++++++-------- 2008/6xxx/CVE-2008-6977.json | 170 ++++++++--------- 2008/7xxx/CVE-2008-7129.json | 150 +++++++-------- 2008/7xxx/CVE-2008-7254.json | 150 +++++++-------- 2012/1xxx/CVE-2012-1446.json | 190 +++++++++---------- 2012/5xxx/CVE-2012-5044.json | 120 ++++++------ 2012/5xxx/CVE-2012-5219.json | 130 ++++++------- 2012/5xxx/CVE-2012-5667.json | 200 ++++++++++---------- 2012/5xxx/CVE-2012-5883.json | 190 +++++++++---------- 2017/11xxx/CVE-2017-11352.json | 160 ++++++++-------- 2017/11xxx/CVE-2017-11403.json | 150 +++++++-------- 2017/15xxx/CVE-2017-15484.json | 34 ++-- 2017/15xxx/CVE-2017-15499.json | 34 ++-- 2017/3xxx/CVE-2017-3008.json | 140 +++++++------- 2017/3xxx/CVE-2017-3253.json | 332 ++++++++++++++++----------------- 2017/3xxx/CVE-2017-3516.json | 142 +++++++------- 2017/8xxx/CVE-2017-8184.json | 122 ++++++------ 2017/8xxx/CVE-2017-8717.json | 142 +++++++------- 2017/8xxx/CVE-2017-8912.json | 130 ++++++------- 2018/12xxx/CVE-2018-12309.json | 120 ++++++------ 2018/12xxx/CVE-2018-12909.json | 120 ++++++------ 2018/13xxx/CVE-2018-13785.json | 300 ++++++++++++++--------------- 2018/13xxx/CVE-2018-13907.json | 34 ++-- 2018/13xxx/CVE-2018-13969.json | 34 ++-- 2018/16xxx/CVE-2018-16297.json | 130 ++++++------- 2018/16xxx/CVE-2018-16323.json | 140 +++++++------- 2018/16xxx/CVE-2018-16325.json | 120 ++++++------ 2018/16xxx/CVE-2018-16510.json | 170 ++++++++--------- 2018/16xxx/CVE-2018-16878.json | 34 ++-- 2018/16xxx/CVE-2018-16953.json | 130 ++++++------- 2018/17xxx/CVE-2018-17241.json | 34 ++-- 2018/17xxx/CVE-2018-17653.json | 130 ++++++------- 2018/17xxx/CVE-2018-17815.json | 34 ++-- 53 files changed, 3953 insertions(+), 3953 deletions(-) diff --git a/2003/1xxx/CVE-2003-1205.json b/2003/1xxx/CVE-2003-1205.json index b2def25f745..3c87d2f24cb 100644 --- a/2003/1xxx/CVE-2003-1205.json +++ b/2003/1xxx/CVE-2003-1205.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the \"con\" MS-DOS device name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106019292611151&w=2" - }, - { - "name" : "http://www.crob.net/studio/ftpserver/", - "refsource" : "MISC", - "url" : "http://www.crob.net/studio/ftpserver/" - }, - { - "name" : "2378", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2378" - }, - { - "name" : "9467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9467" - }, - { - "name" : "crob-rename-file-dos(12838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the \"con\" MS-DOS device name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2378", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2378" + }, + { + "name": "crob-rename-file-dos(12838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12838" + }, + { + "name": "http://www.crob.net/studio/ftpserver/", + "refsource": "MISC", + "url": "http://www.crob.net/studio/ftpserver/" + }, + { + "name": "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106019292611151&w=2" + }, + { + "name": "9467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9467" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1234.json b/2003/1xxx/CVE-2003-1234.json index 7e0c0b080b5..bdeffb4cf13 100644 --- a/2003/1xxx/CVE-2003-1234.json +++ b/2003/1xxx/CVE-2003-1234.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html" - }, - { - "name" : "20030106 PDS: Integer overflow in FreeBSD kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305308/30/26420/threaded" - }, - { - "name" : "20030106 PDS: Integer overflow in FreeBSD kernel", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html" - }, - { - "name" : "FreeBSD-SA-02:44", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc" - }, - { - "name" : "http://www.pine.nl/press/pine-cert-20030101.txt", - "refsource" : "MISC", - "url" : "http://www.pine.nl/press/pine-cert-20030101.txt" - }, - { - "name" : "1005898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005898" - }, - { - "name" : "7821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7821" - }, - { - "name" : "freebsd-kernel-integer-overflow(10993)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10993.php" - }, - { - "name" : "6524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pine.nl/press/pine-cert-20030101.txt", + "refsource": "MISC", + "url": "http://www.pine.nl/press/pine-cert-20030101.txt" + }, + { + "name": "20030106 PDS: Integer overflow in FreeBSD kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305308/30/26420/threaded" + }, + { + "name": "20030106 PDS: Integer overflow in FreeBSD kernel", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html" + }, + { + "name": "FreeBSD-SA-02:44", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc" + }, + { + "name": "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html" + }, + { + "name": "6524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6524" + }, + { + "name": "1005898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005898" + }, + { + "name": "freebsd-kernel-integer-overflow(10993)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10993.php" + }, + { + "name": "7821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7821" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1564.json b/2003/1xxx/CVE-2003-1564.json index 83db4ccfb8c..85395eb5c37 100644 --- a/2003/1xxx/CVE-2003-1564.json +++ b/2003/1xxx/CVE-2003-1564.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services", - "refsource" : "MLIST", - "url" : "http://www.stylusstudio.com/xmldev/200302/post20020.html" - }, - { - "name" : "[xml] 20080820 Security fix for libxml2", - "refsource" : "MLIST", - "url" : "http://mail.gnome.org/archives/xml/2008-August/msg00034.html" - }, - { - "name" : "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2" - }, - { - "name" : "http://xmlsoft.org/news.html", - "refsource" : "MISC", - "url" : "http://xmlsoft.org/news.html" - }, - { - "name" : "RHSA-2008:0886", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0886.html" - }, - { - "name" : "31868", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31868", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31868" + }, + { + "name": "http://xmlsoft.org/news.html", + "refsource": "MISC", + "url": "http://xmlsoft.org/news.html" + }, + { + "name": "[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services", + "refsource": "MLIST", + "url": "http://www.stylusstudio.com/xmldev/200302/post20020.html" + }, + { + "name": "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2", + "refsource": "MISC", + "url": "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2" + }, + { + "name": "[xml] 20080820 Security fix for libxml2", + "refsource": "MLIST", + "url": "http://mail.gnome.org/archives/xml/2008-August/msg00034.html" + }, + { + "name": "RHSA-2008:0886", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0008.json b/2004/0xxx/CVE-2004-0008.json index b8c9f246d5d..6ab206fa5db 100644 --- a/2004/0xxx/CVE-2004-0008.json +++ b/2004/0xxx/CVE-2004-0008.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040126 Advisory 01/2004: 12 x Gaim remote overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107513690306318&w=2" - }, - { - "name" : "20040126 Advisory 01/2004: 12 x Gaim remote overflows", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html" - }, - { - "name" : "http://security.e-matters.de/advisories/012004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/012004.html" - }, - { - "name" : "20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107522432613022&w=2" - }, - { - "name" : "http://ultramagnetic.sourceforge.net/advisories/001.html", - "refsource" : "CONFIRM", - "url" : "http://ultramagnetic.sourceforge.net/advisories/001.html" - }, - { - "name" : "RHSA-2004:032", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-032.html" - }, - { - "name" : "RHSA-2004:033", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-033.html" - }, - { - "name" : "MDKSA-2004:006", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006" - }, - { - "name" : "DSA-434", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-434" - }, - { - "name" : "RHSA-2004:045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-045.html" - }, - { - "name" : "CLA-2004:813", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813" - }, - { - "name" : "20040201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" - }, - { - "name" : "20040127 [slackware-security] GAIM security update (SSA:2004-026-01)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107522338611564&w=2" - }, - { - "name" : "GLSA-200401-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200401-04.xml" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "VU#779614", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/779614" - }, - { - "name" : "3734", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3734" - }, - { - "name" : "oval:org.mitre.oval:def:820", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A820" - }, - { - "name" : "oval:org.mitre.oval:def:9469", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9469" - }, - { - "name" : "1008850", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008850" - }, - { - "name" : "gaim-directim-bo(14937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "20040127 [slackware-security] GAIM security update (SSA:2004-026-01)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107522338611564&w=2" + }, + { + "name": "DSA-434", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-434" + }, + { + "name": "20040201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" + }, + { + "name": "RHSA-2004:032", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html" + }, + { + "name": "oval:org.mitre.oval:def:820", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A820" + }, + { + "name": "3734", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3734" + }, + { + "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107513690306318&w=2" + }, + { + "name": "oval:org.mitre.oval:def:9469", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9469" + }, + { + "name": "http://ultramagnetic.sourceforge.net/advisories/001.html", + "refsource": "CONFIRM", + "url": "http://ultramagnetic.sourceforge.net/advisories/001.html" + }, + { + "name": "GLSA-200401-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml" + }, + { + "name": "1008850", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008850" + }, + { + "name": "20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107522432613022&w=2" + }, + { + "name": "http://security.e-matters.de/advisories/012004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/012004.html" + }, + { + "name": "RHSA-2004:033", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html" + }, + { + "name": "MDKSA-2004:006", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006" + }, + { + "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html" + }, + { + "name": "gaim-directim-bo(14937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14937" + }, + { + "name": "VU#779614", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/779614" + }, + { + "name": "CLA-2004:813", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813" + }, + { + "name": "RHSA-2004:045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0357.json b/2004/0xxx/CVE-2004-0357.json index ade9679487c..88318316902 100644 --- a/2004/0xxx/CVE-2004-0357.json +++ b/2004/0xxx/CVE-2004-0357.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040305 SLWebMail Multiple Buffer Overflow Vulnerabilities (#NISR05022004b)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107850432827699&w=2" - }, - { - "name" : "http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf", - "refsource" : "CONFIRM", - "url" : "http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf" - }, - { - "name" : "http://www.nextgenss.com/advisories/slmailwm.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/slmailwm.txt" - }, - { - "name" : "slmail-slwebmail-bo(15399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15399" - }, - { - "name" : "9808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "slmail-slwebmail-bo(15399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15399" + }, + { + "name": "http://www.nextgenss.com/advisories/slmailwm.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/slmailwm.txt" + }, + { + "name": "9808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9808" + }, + { + "name": "http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf", + "refsource": "CONFIRM", + "url": "http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf" + }, + { + "name": "20040305 SLWebMail Multiple Buffer Overflow Vulnerabilities (#NISR05022004b)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107850432827699&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0430.json b/2004/0xxx/CVE-2004-0430.json index 58486aff63b..36b539a47bb 100644 --- a/2004/0xxx/CVE-2004-0430.json +++ b/2004/0xxx/CVE-2004-0430.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A050304-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a050304-1.txt" - }, - { - "name" : "APPLE-SA-2004-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00049.html" - }, - { - "name" : "http://www.securiteam.com/securitynews/5QP0115CUO.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5QP0115CUO.html" - }, - { - "name" : "VU#648406", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/648406" - }, - { - "name" : "11539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11539" - }, - { - "name" : "1010039", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010039" - }, - { - "name" : "applefileserver-afp-pathname-bo(16049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A050304-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a050304-1.txt" + }, + { + "name": "applefileserver-afp-pathname-bo(16049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16049" + }, + { + "name": "1010039", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010039" + }, + { + "name": "VU#648406", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/648406" + }, + { + "name": "http://www.securiteam.com/securitynews/5QP0115CUO.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5QP0115CUO.html" + }, + { + "name": "APPLE-SA-2004-05-03", + "refsource": "APPLE", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00049.html" + }, + { + "name": "11539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11539" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0633.json b/2004/0xxx/CVE-2004-0633.json index 73531bd515e..eff437589b3 100644 --- a/2004/0xxx/CVE-2004-0633.json +++ b/2004/0xxx/CVE-2004-0633.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00015.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00015.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381" - }, - { - "name" : "CLA-2005:916", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916" - }, - { - "name" : "FEDORA-2004-219", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html" - }, - { - "name" : "FEDORA-2004-220", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html" - }, - { - "name" : "GLSA-200407-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml" - }, - { - "name" : "MDKSA-2004:067", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067" - }, - { - "name" : "RHSA-2004:378", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-378.html" - }, - { - "name" : "VU#829422", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/829422" - }, - { - "name" : "oval:org.mitre.oval:def:9931", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931" - }, - { - "name" : "1010655", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010655" - }, - { - "name" : "12024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12024" - }, - { - "name" : "ethereal-isns-dos(16630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010655", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010655" + }, + { + "name": "CLA-2005:916", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916" + }, + { + "name": "MDKSA-2004:067", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00015.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00015.html" + }, + { + "name": "VU#829422", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/829422" + }, + { + "name": "12024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12024" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381" + }, + { + "name": "ethereal-isns-dos(16630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16630" + }, + { + "name": "FEDORA-2004-219", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html" + }, + { + "name": "FEDORA-2004-220", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html" + }, + { + "name": "RHSA-2004:378", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-378.html" + }, + { + "name": "oval:org.mitre.oval:def:9931", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931" + }, + { + "name": "GLSA-200407-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0764.json b/2004/0xxx/CVE-2004-0764.json index 16fbbb0b0a9..3f49b76312e 100644 --- a/2004/0xxx/CVE-2004-0764.json +++ b/2004/0xxx/CVE-2004-0764.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=244965" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" - }, - { - "name" : "FLSA:2089", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" - }, - { - "name" : "RHSA-2004:421", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2004:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" - }, - { - "name" : "VU#262350", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/262350" - }, - { - "name" : "10832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10832" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:2418", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418" - }, - { - "name" : "oval:org.mitre.oval:def:9419", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419" - }, - { - "name" : "12188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12188" - }, - { - "name" : "mozilla-user-interface-spoofing(16837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12188" + }, + { + "name": "mozilla-user-interface-spoofing(16837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "SUSE-SA:2004:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" + }, + { + "name": "RHSA-2004:421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" + }, + { + "name": "FLSA:2089", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2" + }, + { + "name": "oval:org.mitre.oval:def:2418", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "VU#262350", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/262350" + }, + { + "name": "10832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10832" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=244965" + }, + { + "name": "oval:org.mitre.oval:def:9419", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1222.json b/2004/1xxx/CVE-2004-1222.json index cde34dad621..fa29c74d6fc 100644 --- a/2004/1xxx/CVE-2004-1222.json +++ b/2004/1xxx/CVE-2004-1222.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041207 Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110245395510945&w=2" - }, - { - "name" : "11848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11848" - }, - { - "name" : "weblibs-directory-traversal(18399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblibs-directory-traversal(18399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18399" + }, + { + "name": "20041207 Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110245395510945&w=2" + }, + { + "name": "11848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11848" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1503.json b/2004/1xxx/CVE-2004-1503.json index 9440891bf0d..681366dbc5c 100644 --- a/2004/1xxx/CVE-2004-1503.json +++ b/2004/1xxx/CVE-2004-1503.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041108 DOS against Java JNDI/DNS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109994063331773&w=2" - }, - { - "name" : "11619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11619" - }, - { - "name" : "13142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13142" - }, - { - "name" : "sun-jre-dns-dos(17990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13142" + }, + { + "name": "20041108 DOS against Java JNDI/DNS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109994063331773&w=2" + }, + { + "name": "11619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11619" + }, + { + "name": "sun-jre-dns-dos(17990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17990" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1639.json b/2004/1xxx/CVE-2004-1639.json index 409cf982e90..bb344042201 100644 --- a/2004/1xxx/CVE-2004-1639.json +++ b/2004/1xxx/CVE-2004-1639.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109886388528179&w=2" - }, - { - "name" : "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html" - }, - { - "name" : "mozilla-html-dos(17839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html" + }, + { + "name": "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109886388528179&w=2" + }, + { + "name": "mozilla-html-dos(17839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1657.json b/2004/1xxx/CVE-2004-1657.json index 9305d770054..66cf3c4484e 100644 --- a/2004/1xxx/CVE-2004-1657.json +++ b/2004/1xxx/CVE-2004-1657.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040901 Cross-Site Scripting Vulnerability in Newtelligence DasBlog", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109443321830050&w=2" - }, - { - "name" : "http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198", - "refsource" : "CONFIRM", - "url" : "http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198" - }, - { - "name" : "11086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11086" - }, - { - "name" : "12416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12416" - }, - { - "name" : "dasblog-useragent-referer-xss(17174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198", + "refsource": "CONFIRM", + "url": "http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198" + }, + { + "name": "dasblog-useragent-referer-xss(17174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17174" + }, + { + "name": "12416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12416" + }, + { + "name": "20040901 Cross-Site Scripting Vulnerability in Newtelligence DasBlog", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109443321830050&w=2" + }, + { + "name": "11086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11086" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1699.json b/2004/1xxx/CVE-2004-1699.json index cdc57248a85..b0b4483e937 100644 --- a/2004/1xxx/CVE-2004-1699.json +++ b/2004/1xxx/CVE-2004-1699.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040922 Pinnacle ShowCenter 1.51 possible DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109589167110196&w=2" - }, - { - "name" : "20040921 Pinnacle ShowCenter Skin Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026733.html" - }, - { - "name" : "11232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11232" - }, - { - "name" : "pinnacle-showcenter-dos(17463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040922 Pinnacle ShowCenter 1.51 possible DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109589167110196&w=2" + }, + { + "name": "11232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11232" + }, + { + "name": "pinnacle-showcenter-dos(17463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17463" + }, + { + "name": "20040921 Pinnacle ShowCenter Skin Denial of Service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026733.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2342.json b/2004/2xxx/CVE-2004-2342.json index 921abdc9387..a079d2814d8 100644 --- a/2004/2xxx/CVE-2004-2342.json +++ b/2004/2xxx/CVE-2004-2342.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using \"aaaaaa\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040130 Denial Of Service in ChatterBox 2.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/352341" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/ChatterBox2.0-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/ChatterBox2.0-adv.txt" - }, - { - "name" : "9532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9532" - }, - { - "name" : "3798", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3798" - }, - { - "name" : "10775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10775" - }, - { - "name" : "chatterbox-dos(15011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using \"aaaaaa\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9532" + }, + { + "name": "3798", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3798" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/ChatterBox2.0-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/ChatterBox2.0-adv.txt" + }, + { + "name": "20040130 Denial Of Service in ChatterBox 2.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/352341" + }, + { + "name": "chatterbox-dos(15011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15011" + }, + { + "name": "10775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10775" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2673.json b/2004/2xxx/CVE-2004-2673.json index b2bed563af6..d65ef933ccb 100644 --- a/2004/2xxx/CVE-2004-2673.json +++ b/2004/2xxx/CVE-2004-2673.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html" - }, - { - "name" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx" - }, - { - "name" : "9770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9770" - }, - { - "name" : "11334", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11334" - }, - { - "name" : "11002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11002" - }, - { - "name" : "argosoftftp-site-bo(15410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11334", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11334" + }, + { + "name": "9770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9770" + }, + { + "name": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx", + "refsource": "CONFIRM", + "url": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx" + }, + { + "name": "11002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11002" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html" + }, + { + "name": "argosoftftp-site-bo(15410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15410" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2738.json b/2004/2xxx/CVE-2004-2738.json index db8f84e3b1c..5463b1ed4df 100644 --- a/2004/2xxx/CVE-2004-2738.json +++ b/2004/2xxx/CVE-2004-2738.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110391024404947&w=2" - }, - { - "name" : "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html" - }, - { - "name" : "12103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12103" - }, - { - "name" : "12582", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12582" - }, - { - "name" : "1012677", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012677" - }, - { - "name" : "13649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13649" - }, - { - "name" : "zeroboard-checkuserid-xss(18680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110391024404947&w=2" + }, + { + "name": "20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html" + }, + { + "name": "12582", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12582" + }, + { + "name": "13649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13649" + }, + { + "name": "12103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12103" + }, + { + "name": "zeroboard-checkuserid-xss(18680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18680" + }, + { + "name": "1012677", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012677" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2498.json b/2008/2xxx/CVE-2008-2498.json index caf46cc5b57..08842356c60 100644 --- a/2008/2xxx/CVE-2008-2498.json +++ b/2008/2xxx/CVE-2008-2498.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.mambo-foundation.org/showthread.php?t=11799", - "refsource" : "CONFIRM", - "url" : "http://forum.mambo-foundation.org/showthread.php?t=11799" - }, - { - "name" : "29373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29373" - }, - { - "name" : "ADV-2008-1660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1660/references" - }, - { - "name" : "30343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30343" - }, - { - "name" : "mambo-index-sql-injection(42644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mambo-index-sql-injection(42644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644" + }, + { + "name": "ADV-2008-1660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1660/references" + }, + { + "name": "29373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29373" + }, + { + "name": "http://forum.mambo-foundation.org/showthread.php?t=11799", + "refsource": "CONFIRM", + "url": "http://forum.mambo-foundation.org/showthread.php?t=11799" + }, + { + "name": "30343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30343" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2840.json b/2008/2xxx/CVE-2008-2840.json index 2f1482b524a..b6dc2ee2a1f 100644 --- a/2008/2xxx/CVE-2008-2840.json +++ b/2008/2xxx/CVE-2008-2840.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=607502", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=607502" - }, - { - "name" : "29788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29788" - }, - { - "name" : "30711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29788" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=607502", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=607502" + }, + { + "name": "30711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30711" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6178.json b/2008/6xxx/CVE-2008-6178.json index 3c76a030a52..f03fc8e410c 100644 --- a/2008/6xxx/CVE-2008-6178.json +++ b/2008/6xxx/CVE-2008-6178.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8060", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8060" - }, - { - "name" : "31812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31812" - }, - { - "name" : "ADV-2009-0447", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0447" - }, - { - "name" : "33973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33973" - }, - { - "name" : "falt4-fckeditor-file-upload(48769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31812" + }, + { + "name": "33973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33973" + }, + { + "name": "ADV-2009-0447", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0447" + }, + { + "name": "falt4-fckeditor-file-upload(48769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" + }, + { + "name": "8060", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8060" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6762.json b/2008/6xxx/CVE-2008-6762.json index 17d5127a737..e43f2493c3d 100644 --- a/2008/6xxx/CVE-2008-6762.json +++ b/2008/6xxx/CVE-2008-6762.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081222 [ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html" - }, - { - "name" : "DSA-1871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1871" - }, - { - "name" : "52213", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52213" - }, - { - "name" : "wordpress-upgrade-phishing(50382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1871" + }, + { + "name": "20081222 [ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html" + }, + { + "name": "52213", + "refsource": "OSVDB", + "url": "http://osvdb.org/52213" + }, + { + "name": "wordpress-upgrade-phishing(50382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50382" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6899.json b/2008/6xxx/CVE-2008-6899.json index 1f2c17eefe3..9d067b0a774 100644 --- a/2008/6xxx/CVE-2008-6899.json +++ b/2008/6xxx/CVE-2008-6899.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081222 FreeSSHd Multiple Remote Stack Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499486/100/0/threaded" - }, - { - "name" : "http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt", - "refsource" : "MISC", - "url" : "http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt" - }, - { - "name" : "32972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32972" - }, - { - "name" : "freesshd-open-bo(52434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freesshd-open-bo(52434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52434" + }, + { + "name": "32972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32972" + }, + { + "name": "http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt", + "refsource": "MISC", + "url": "http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt" + }, + { + "name": "20081222 FreeSSHd Multiple Remote Stack Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499486/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6977.json b/2008/6xxx/CVE-2008-6977.json index 2e3b5b50a6b..dfea8eded6d 100644 --- a/2008/6xxx/CVE-2008-6977.json +++ b/2008/6xxx/CVE-2008-6977.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6357", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6357" - }, - { - "name" : "6420", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6420" - }, - { - "name" : "30996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30996" - }, - { - "name" : "47915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47915" - }, - { - "name" : "31649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31649" - }, - { - "name" : "aspwebalbum-album-xss(44878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31649" + }, + { + "name": "aspwebalbum-album-xss(44878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44878" + }, + { + "name": "30996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30996" + }, + { + "name": "47915", + "refsource": "OSVDB", + "url": "http://osvdb.org/47915" + }, + { + "name": "6420", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6420" + }, + { + "name": "6357", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6357" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7129.json b/2008/7xxx/CVE-2008-7129.json index 98750a93399..b2e1e231ed7 100644 --- a/2008/7xxx/CVE-2008-7129.json +++ b/2008/7xxx/CVE-2008-7129.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://polarssl.org/?archive#001c", - "refsource" : "CONFIRM", - "url" : "http://polarssl.org/?archive#001c" - }, - { - "name" : "49101", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49101" - }, - { - "name" : "ADV-2008-0917", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0917" - }, - { - "name" : "xyssl-x509-dos(41255)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0917", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0917" + }, + { + "name": "49101", + "refsource": "OSVDB", + "url": "http://osvdb.org/49101" + }, + { + "name": "xyssl-x509-dos(41255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41255" + }, + { + "name": "http://polarssl.org/?archive#001c", + "refsource": "CONFIRM", + "url": "http://polarssl.org/?archive#001c" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7254.json b/2008/7xxx/CVE-2008-7254.json index 1782e9b80b3..9e7ff58f997 100644 --- a/2008/7xxx/CVE-2008-7254.json +++ b/2008/7xxx/CVE-2008-7254.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt" - }, - { - "name" : "11938", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11938" - }, - { - "name" : "63348", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63348" - }, - { - "name" : "39214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11938", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11938" + }, + { + "name": "63348", + "refsource": "OSVDB", + "url": "http://osvdb.org/63348" + }, + { + "name": "39214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39214" + }, + { + "name": "http://packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0808-exploits/pepsicms-rfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1446.json b/2012/1xxx/CVE-2012-1446.json index 48be03f4b62..aa69de8252e 100644 --- a/2012/1xxx/CVE-2012-1446.json +++ b/2012/1xxx/CVE-2012-1446.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52600" - }, - { - "name" : "80426", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80426" - }, - { - "name" : "80427", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80427" - }, - { - "name" : "80428", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80428" - }, - { - "name" : "80430", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80430" - }, - { - "name" : "80431", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80430", + "refsource": "OSVDB", + "url": "http://osvdb.org/80430" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80427", + "refsource": "OSVDB", + "url": "http://osvdb.org/80427" + }, + { + "name": "52600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52600" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "80428", + "refsource": "OSVDB", + "url": "http://osvdb.org/80428" + }, + { + "name": "80426", + "refsource": "OSVDB", + "url": "http://osvdb.org/80426" + }, + { + "name": "80431", + "refsource": "OSVDB", + "url": "http://osvdb.org/80431" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5044.json b/2012/5xxx/CVE-2012-5044.json index c952fdd09b8..2ddd877ec11 100644 --- a/2012/5xxx/CVE-2012-5044.json +++ b/2012/5xxx/CVE-2012-5044.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-5044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5219.json b/2012/5xxx/CVE-2012-5219.json index e9caf7aef30..9147421bc45 100644 --- a/2012/5xxx/CVE-2012-5219.json +++ b/2012/5xxx/CVE-2012-5219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02868", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03737200" - }, - { - "name" : "SSRT101017", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03737200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02868", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03737200" + }, + { + "name": "SSRT101017", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03737200" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5667.json b/2012/5xxx/CVE-2012-5667.json index 04a0ea4bed7..d90349836ee 100644 --- a/2012/5xxx/CVE-2012-5667.json +++ b/2012/5xxx/CVE-2012-5667.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-grep] 20121217 Re: Exploit in grep..", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html" - }, - { - "name" : "[oss-security] 20121221 Re: CVE Request: grep", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/12/22/6" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189" - }, - { - "name" : "http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11", - "refsource" : "CONFIRM", - "url" : "http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=889935", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=889935" - }, - { - "name" : "RHSA-2015:1447", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1447.html" - }, - { - "name" : "57033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473" + }, + { + "name": "57033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57033" + }, + { + "name": "http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11", + "refsource": "CONFIRM", + "url": "http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11" + }, + { + "name": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=889935", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889935" + }, + { + "name": "RHSA-2015:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1447.html" + }, + { + "name": "[bug-grep] 20121217 Re: Exploit in grep..", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html" + }, + { + "name": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189" + }, + { + "name": "[oss-security] 20121221 Re: CVE Request: grep", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/12/22/6" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5883.json b/2012/5xxx/CVE-2012-5883.json index d57bfbf5f35..ab7e982779c 100644 --- a/2012/5xxx/CVE-2012-5883.json +++ b/2012/5xxx/CVE-2012-5883.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.6.11/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.6.11/" - }, - { - "name" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", - "refsource" : "CONFIRM", - "url" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" - }, - { - "name" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", - "refsource" : "CONFIRM", - "url" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" - }, - { - "name" : "http://yuilibrary.com/support/20121030-vulnerability/", - "refsource" : "CONFIRM", - "url" : "http://yuilibrary.com/support/20121030-vulnerability/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" - }, - { - "name" : "MDVSA-2013:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" - }, - { - "name" : "56385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56385" - }, - { - "name" : "bugzilla-flash-xss(80116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" + }, + { + "name": "MDVSA-2013:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" + }, + { + "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", + "refsource": "CONFIRM", + "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" + }, + { + "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", + "refsource": "CONFIRM", + "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" + }, + { + "name": "http://www.bugzilla.org/security/3.6.11/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.6.11/" + }, + { + "name": "56385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56385" + }, + { + "name": "bugzilla-flash-xss(80116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116" + }, + { + "name": "http://yuilibrary.com/support/20121030-vulnerability/", + "refsource": "CONFIRM", + "url": "http://yuilibrary.com/support/20121030-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11352.json b/2017/11xxx/CVE-2017-11352.json index c1159fbfe97..eeede2da3a0 100644 --- a/2017/11xxx/CVE-2017-11352.json +++ b/2017/11xxx/CVE-2017-11352.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/868469", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/868469" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/502", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/502" - }, - { - "name" : "DSA-4040", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4040" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "99600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4040", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4040" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://bugs.debian.org/868469", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/868469" + }, + { + "name": "99600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99600" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/502", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/502" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11403.json b/2017/11xxx/CVE-2017-11403.json index 6ca04afb864..2c299031a09 100644 --- a/2017/11xxx/CVE-2017-11403.json +++ b/2017/11xxx/CVE-2017-11403.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37", - "refsource" : "MISC", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37", + "refsource": "MISC", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15484.json b/2017/15xxx/CVE-2017-15484.json index 695ca70f2f5..c3b77330669 100644 --- a/2017/15xxx/CVE-2017-15484.json +++ b/2017/15xxx/CVE-2017-15484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15484", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15484", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15499.json b/2017/15xxx/CVE-2017-15499.json index 039659edf47..bba10027acd 100644 --- a/2017/15xxx/CVE-2017-15499.json +++ b/2017/15xxx/CVE-2017-15499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15499", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3008.json b/2017/3xxx/CVE-2017-3008.json index 00ac9e1ef4c..a96bcb76349 100644 --- a/2017/3xxx/CVE-2017-3008.json +++ b/2017/3xxx/CVE-2017-3008.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" - }, - { - "name" : "98002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98002" - }, - { - "name" : "1038364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" + }, + { + "name": "98002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98002" + }, + { + "name": "1038364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038364" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3253.json b/2017/3xxx/CVE-2017-3253.json index d936d0032fe..7c6c5832773 100644 --- a/2017/3xxx/CVE-2017-3253.json +++ b/2017/3xxx/CVE-2017-3253.json @@ -1,168 +1,168 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java SE", - "version" : { - "version_data" : [ - { - "version_value" : "6u131" - }, - { - "version_value" : "7u121" - }, - { - "version_value" : "8u112" - } - ] - } - }, - { - "product_name" : "Java SE Embedded", - "version" : { - "version_data" : [ - { - "version_value" : "8u111" - } - ] - } - }, - { - "product_name" : "JRockit", - "version" : { - "version_data" : [ - { - "version_value" : "R28.3.12" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SE", + "version": { + "version_data": [ + { + "version_value": "6u131" + }, + { + "version_value": "7u121" + }, + { + "version_value": "8u112" + } + ] + } + }, + { + "product_name": "Java SE Embedded", + "version": { + "version_data": [ + { + "version_value": "8u111" + } + ] + } + }, + { + "product_name": "JRockit", + "version": { + "version_data": [ + { + "version_value": "R28.3.12" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name" : "DSA-3782", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3782" - }, - { - "name" : "GLSA-201701-65", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-65" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "RHSA-2017:0175", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html" - }, - { - "name" : "RHSA-2017:0176", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0176.html" - }, - { - "name" : "RHSA-2017:0177", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0177.html" - }, - { - "name" : "RHSA-2017:0180", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0180.html" - }, - { - "name" : "RHSA-2017:0263", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0263.html" - }, - { - "name" : "RHSA-2017:0269", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0269.html" - }, - { - "name" : "RHSA-2017:0336", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0336.html" - }, - { - "name" : "RHSA-2017:0337", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0337.html" - }, - { - "name" : "RHSA-2017:0338", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0338.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "95498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95498" - }, - { - "name" : "1037637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0338", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + }, + { + "name": "DSA-3782", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3782" + }, + { + "name": "RHSA-2017:0176", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html" + }, + { + "name": "GLSA-201701-65", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-65" + }, + { + "name": "RHSA-2017:0180", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html" + }, + { + "name": "1037637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037637" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:0175", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html" + }, + { + "name": "RHSA-2017:0177", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html" + }, + { + "name": "RHSA-2017:0263", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "95498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95498" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + }, + { + "name": "RHSA-2017:0269", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "RHSA-2017:0337", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + }, + { + "name": "RHSA-2017:0336", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3516.json b/2017/3xxx/CVE-2017-3516.json index c44dc1ed3fd..dcaf3400d44 100644 --- a/2017/3xxx/CVE-2017-3516.json +++ b/2017/3xxx/CVE-2017-3516.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97793" - }, - { - "name" : "1038292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97793" + }, + { + "name": "1038292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038292" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8184.json b/2017/8xxx/CVE-2017-8184.json index 2eaa2d6be6e..30aa9dd08c7 100644 --- a/2017/8xxx/CVE-2017-8184.json +++ b/2017/8xxx/CVE-2017-8184.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nice-AL00", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "any memory access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nice-AL00", + "version": { + "version_data": [ + { + "version_value": "Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "any memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8717.json b/2017/8xxx/CVE-2017-8717.json index f731fcebeb5..f5deb05acb5 100644 --- a/2017/8xxx/CVE-2017-8717.json +++ b/2017/8xxx/CVE-2017-8717.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-8717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft JET Database Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8718." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-8717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft JET Database Engine", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717" - }, - { - "name" : "101161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101161" - }, - { - "name" : "1039527", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8718." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101161" + }, + { + "name": "1039527", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039527" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8912.json b/2017/8xxx/CVE-2017-8912.json index cfb67eae21d..b4624a18417 100644 --- a/2017/8xxx/CVE-2017-8912.json +++ b/2017/8xxx/CVE-2017-8912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is \"a feature, not a bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41997", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41997/" - }, - { - "name" : "https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is \"a feature, not a bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41997", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41997/" + }, + { + "name": "https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12309.json b/2018/12xxx/CVE-2018-12309.json index af10b273d8a..0a30446aa5a 100644 --- a/2018/12xxx/CVE-2018-12309.json +++ b/2018/12xxx/CVE-2018-12309.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the \"path\" URL parameter. NOTE: the \"filename\" POST parameter is covered by CVE-2018-11345." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the \"path\" URL parameter. NOTE: the \"filename\" POST parameter is covered by CVE-2018-11345." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12909.json b/2018/12xxx/CVE-2018-12909.json index 19e74522d40..27ce619e1f0 100644 --- a/2018/12xxx/CVE-2018-12909.json +++ b/2018/12xxx/CVE-2018-12909.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a \"publicly accessible environment.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jokkedk/webgrind/issues/112", - "refsource" : "MISC", - "url" : "https://github.com/jokkedk/webgrind/issues/112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a \"publicly accessible environment.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jokkedk/webgrind/issues/112", + "refsource": "MISC", + "url": "https://github.com/jokkedk/webgrind/issues/112" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13785.json b/2018/13xxx/CVE-2018-13785.json index 4fcb7ff43a8..1a88cf56f2e 100644 --- a/2018/13xxx/CVE-2018-13785.json +++ b/2018/13xxx/CVE-2018-13785.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2", - "refsource" : "MISC", - "url" : "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" - }, - { - "name" : "https://sourceforge.net/p/libpng/bugs/278/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/libpng/bugs/278/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" - }, - { - "name" : "RHSA-2018:3000", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3000" - }, - { - "name" : "RHSA-2018:3001", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3001" - }, - { - "name" : "RHSA-2018:3002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3002" - }, - { - "name" : "RHSA-2018:3003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3003" - }, - { - "name" : "RHSA-2018:3007", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3007" - }, - { - "name" : "RHSA-2018:3008", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3008" - }, - { - "name" : "RHSA-2018:3533", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3533" - }, - { - "name" : "RHSA-2018:3534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3534" - }, - { - "name" : "RHSA-2018:3671", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3671" - }, - { - "name" : "RHSA-2018:3672", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3672" - }, - { - "name" : "RHSA-2018:3779", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3779" - }, - { - "name" : "RHSA-2018:3852", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3852" - }, - { - "name" : "USN-3712-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3712-1/" - }, - { - "name" : "105599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105599" - }, - { - "name" : "1041889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3007", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3007" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" + }, + { + "name": "RHSA-2018:3779", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3779" + }, + { + "name": "RHSA-2018:3534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3534" + }, + { + "name": "RHSA-2018:3003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3003" + }, + { + "name": "USN-3712-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3712-1/" + }, + { + "name": "RHSA-2018:3002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3002" + }, + { + "name": "https://sourceforge.net/p/libpng/bugs/278/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/libpng/bugs/278/" + }, + { + "name": "RHSA-2018:3671", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3671" + }, + { + "name": "RHSA-2018:3852", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3852" + }, + { + "name": "RHSA-2018:3008", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3008" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2018:3533", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3533" + }, + { + "name": "RHSA-2018:3001", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3001" + }, + { + "name": "RHSA-2018:3000", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3000" + }, + { + "name": "105599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105599" + }, + { + "name": "1041889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041889" + }, + { + "name": "RHSA-2018:3672", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3672" + }, + { + "name": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2", + "refsource": "MISC", + "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13907.json b/2018/13xxx/CVE-2018-13907.json index 6be4fd29944..e09790ab7b4 100644 --- a/2018/13xxx/CVE-2018-13907.json +++ b/2018/13xxx/CVE-2018-13907.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13969.json b/2018/13xxx/CVE-2018-13969.json index 2a1959882c0..e592a88f3f0 100644 --- a/2018/13xxx/CVE-2018-13969.json +++ b/2018/13xxx/CVE-2018-13969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16297.json b/2018/16xxx/CVE-2018-16297.json index a76e61c5def..59fdef36ee5 100644 --- a/2018/16xxx/CVE-2018-16297.json +++ b/2018/16xxx/CVE-2018-16297.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "1041769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "1041769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041769" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16323.json b/2018/16xxx/CVE-2018-16323.json index 299b879b805..e3ab064dff8 100644 --- a/2018/16xxx/CVE-2018-16323.json +++ b/2018/16xxx/CVE-2018-16323.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45890", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45890/" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786" - }, - { - "name" : "USN-3785-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3785-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45890", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45890/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786" + }, + { + "name": "USN-3785-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3785-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16325.json b/2018/16xxx/CVE-2018-16325.json index 85bddf3760b..7a78521876b 100644 --- a/2018/16xxx/CVE-2018-16325.json +++ b/2018/16xxx/CVE-2018-16325.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284", - "refsource" : "MISC", - "url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284", + "refsource": "MISC", + "url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16510.json b/2018/16xxx/CVE-2018-16510.json index 6adaef881ec..22f6b0a1ddd 100644 --- a/2018/16xxx/CVE-2018-16510.json +++ b/2018/16xxx/CVE-2018-16510.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the \"CS\" and \"SC\" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9" - }, - { - "name" : "http://openwall.com/lists/oss-security/2018/08/27/4", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/08/27/4" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699671", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699671" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "USN-3768-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3768-1/" - }, - { - "name" : "USN-3773-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3773-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the \"CS\" and \"SC\" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2018/08/27/4", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/08/27/4" + }, + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "USN-3768-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3768-1/" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9" + }, + { + "name": "USN-3773-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3773-1/" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699671", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699671" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16878.json b/2018/16xxx/CVE-2018-16878.json index 9032063b626..a345194231a 100644 --- a/2018/16xxx/CVE-2018-16878.json +++ b/2018/16xxx/CVE-2018-16878.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16878", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16878", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16953.json b/2018/16xxx/CVE-2018-16953.json index f3e64178b32..e18dba6225c 100644 --- a/2018/16xxx/CVE-2018-16953.json +++ b/2018/16xxx/CVE-2018-16953.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://seclists.org/fulldisclosure/2018/Sep/22", - "refsource" : "MISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/22" - }, - { - "name" : "105350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/fulldisclosure/2018/Sep/22", + "refsource": "MISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/22" + }, + { + "name": "105350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105350" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17241.json b/2018/17xxx/CVE-2018-17241.json index 082ac1c3dc1..5066cb75e3e 100644 --- a/2018/17xxx/CVE-2018-17241.json +++ b/2018/17xxx/CVE-2018-17241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17653.json b/2018/17xxx/CVE-2018-17653.json index fb596a10726..e95736acd8a 100644 --- a/2018/17xxx/CVE-2018-17653.json +++ b/2018/17xxx/CVE-2018-17653.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6503." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1220/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1220/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6503." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1220/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1220/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17815.json b/2018/17xxx/CVE-2018-17815.json index 47bb69564ec..a69a80486d2 100644 --- a/2018/17xxx/CVE-2018-17815.json +++ b/2018/17xxx/CVE-2018-17815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file