From 263d20b36889f012e211a474820cb08e47cb5782 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:43:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0216.json | 260 +++++++++++------------ 2004/0xxx/CVE-2004-0490.json | 180 ++++++++-------- 2004/0xxx/CVE-2004-0803.json | 310 +++++++++++++-------------- 2004/0xxx/CVE-2004-0856.json | 34 +-- 2004/1xxx/CVE-2004-1031.json | 150 ++++++------- 2004/1xxx/CVE-2004-1047.json | 34 +-- 2004/1xxx/CVE-2004-1630.json | 150 ++++++------- 2004/1xxx/CVE-2004-1680.json | 150 ++++++------- 2004/1xxx/CVE-2004-1715.json | 170 +++++++-------- 2004/2xxx/CVE-2004-2403.json | 160 +++++++------- 2004/2xxx/CVE-2004-2604.json | 150 ++++++------- 2008/2xxx/CVE-2008-2109.json | 200 +++++++++--------- 2008/2xxx/CVE-2008-2224.json | 150 ++++++------- 2008/2xxx/CVE-2008-2533.json | 140 ++++++------- 2008/3xxx/CVE-2008-3203.json | 160 +++++++------- 2008/3xxx/CVE-2008-3263.json | 230 ++++++++++---------- 2008/3xxx/CVE-2008-3269.json | 170 +++++++-------- 2008/4xxx/CVE-2008-4537.json | 170 +++++++-------- 2008/6xxx/CVE-2008-6255.json | 150 ++++++------- 2008/6xxx/CVE-2008-6339.json | 34 +-- 2008/6xxx/CVE-2008-6571.json | 160 +++++++------- 2008/6xxx/CVE-2008-6739.json | 130 ++++++------ 2008/7xxx/CVE-2008-7016.json | 150 ++++++------- 2008/7xxx/CVE-2008-7271.json | 130 ++++++------ 2017/11xxx/CVE-2017-11110.json | 120 +++++------ 2017/11xxx/CVE-2017-11226.json | 160 +++++++------- 2017/11xxx/CVE-2017-11488.json | 34 +-- 2017/11xxx/CVE-2017-11674.json | 120 +++++------ 2017/14xxx/CVE-2017-14689.json | 120 +++++------ 2017/14xxx/CVE-2017-14752.json | 120 +++++------ 2017/14xxx/CVE-2017-14968.json | 120 +++++------ 2017/15xxx/CVE-2017-15294.json | 140 ++++++------- 2017/15xxx/CVE-2017-15338.json | 120 +++++------ 2017/15xxx/CVE-2017-15751.json | 120 +++++------ 2017/15xxx/CVE-2017-15849.json | 142 ++++++------- 2017/8xxx/CVE-2017-8706.json | 142 ++++++------- 2017/9xxx/CVE-2017-9365.json | 130 ++++++------ 2017/9xxx/CVE-2017-9539.json | 34 +-- 2018/1000xxx/CVE-2018-1000112.json | 124 +++++------ 2018/1000xxx/CVE-2018-1000404.json | 126 +++++------ 2018/12xxx/CVE-2018-12378.json | 326 ++++++++++++++--------------- 2018/12xxx/CVE-2018-12644.json | 34 +-- 2018/12xxx/CVE-2018-12655.json | 120 +++++------ 2018/12xxx/CVE-2018-12707.json | 34 +-- 2018/13xxx/CVE-2018-13392.json | 144 ++++++------- 2018/13xxx/CVE-2018-13489.json | 130 ++++++------ 2018/13xxx/CVE-2018-13663.json | 130 ++++++------ 2018/16xxx/CVE-2018-16018.json | 130 ++++++------ 2018/16xxx/CVE-2018-16371.json | 120 +++++------ 2018/16xxx/CVE-2018-16398.json | 130 ++++++------ 2018/16xxx/CVE-2018-16981.json | 120 +++++------ 2018/4xxx/CVE-2018-4016.json | 34 +-- 2018/4xxx/CVE-2018-4156.json | 160 +++++++------- 2018/4xxx/CVE-2018-4590.json | 34 +-- 2018/4xxx/CVE-2018-4976.json | 140 ++++++------- 2019/7xxx/CVE-2019-7425.json | 58 ++++- 56 files changed, 3746 insertions(+), 3692 deletions(-) diff --git a/2004/0xxx/CVE-2004-0216.json b/2004/0xxx/CVE-2004-0216.json index d917d710611..b4de1d9c800 100644 --- a/2004/0xxx/CVE-2004-0216.json +++ b/2004/0xxx/CVE-2004-0216.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109760693512754&w=2" - }, - { - "name" : "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110616383332055&w=2" - }, - { - "name" : "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=110619893620517&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/msinsengfull.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/msinsengfull.txt" - }, - { - "name" : "MS04-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" - }, - { - "name" : "TA04-293A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" - }, - { - "name" : "VU#637760", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/637760" - }, - { - "name" : "oval:org.mitre.oval:def:5316", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" - }, - { - "name" : "oval:org.mitre.oval:def:5329", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" - }, - { - "name" : "oval:org.mitre.oval:def:6100", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" - }, - { - "name" : "oval:org.mitre.oval:def:6600", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" - }, - { - "name" : "oval:org.mitre.oval:def:7717", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" - }, - { - "name" : "oval:org.mitre.oval:def:7865", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" - }, - { - "name" : "ie-installenginectl-setciffile-bo(17620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" - }, - { - "name" : "ie-ms04038-patch(17651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5316", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" + }, + { + "name": "http://www.ngssoftware.com/advisories/msinsengfull.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/msinsengfull.txt" + }, + { + "name": "VU#637760", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/637760" + }, + { + "name": "MS04-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" + }, + { + "name": "ie-installenginectl-setciffile-bo(17620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" + }, + { + "name": "oval:org.mitre.oval:def:7865", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" + }, + { + "name": "TA04-293A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" + }, + { + "name": "ie-ms04038-patch(17651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" + }, + { + "name": "oval:org.mitre.oval:def:7717", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" + }, + { + "name": "oval:org.mitre.oval:def:6100", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" + }, + { + "name": "oval:org.mitre.oval:def:6600", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" + }, + { + "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110616383332055&w=2" + }, + { + "name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109760693512754&w=2" + }, + { + "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=110619893620517&w=2" + }, + { + "name": "oval:org.mitre.oval:def:5329", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0490.json b/2004/0xxx/CVE-2004-0490.json index 9b074eb62e1..a93d0675494 100644 --- a/2004/0xxx/CVE-2004-0490.json +++ b/2004/0xxx/CVE-2004-0490.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040524 cPanel mod_phpsuexec Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/364112" - }, - { - "name" : "http://www.a-squad.com/audit/explain10.html", - "refsource" : "MISC", - "url" : "http://www.a-squad.com/audit/explain10.html" - }, - { - "name" : "http://www.securiteam.com/tools/5TP0N15CUA.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/tools/5TP0N15CUA.html" - }, - { - "name" : "http://bugzilla.cpanel.net/show_bug.cgi?id=283", - "refsource" : "MISC", - "url" : "http://bugzilla.cpanel.net/show_bug.cgi?id=283" - }, - { - "name" : "http://bugzilla.cpanel.net/show_bug.cgi?id=664", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.cpanel.net/show_bug.cgi?id=664" - }, - { - "name" : "cpanel-modphpsuexec-execute-commands(16239)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" - }, - { - "name" : "10407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10407" + }, + { + "name": "cpanel-modphpsuexec-execute-commands(16239)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" + }, + { + "name": "http://bugzilla.cpanel.net/show_bug.cgi?id=664", + "refsource": "CONFIRM", + "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664" + }, + { + "name": "http://bugzilla.cpanel.net/show_bug.cgi?id=283", + "refsource": "MISC", + "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283" + }, + { + "name": "20040524 cPanel mod_phpsuexec Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/364112" + }, + { + "name": "http://www.securiteam.com/tools/5TP0N15CUA.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/tools/5TP0N15CUA.html" + }, + { + "name": "http://www.a-squad.com/audit/explain10.html", + "refsource": "MISC", + "url": "http://www.a-squad.com/audit/explain10.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0803.json b/2004/0xxx/CVE-2004-0803.json index 2ca1c75139d..8a08e33ce11 100644 --- a/2004/0xxx/CVE-2004-0803.json +++ b/2004/0xxx/CVE-2004-0803.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041013 CESA-2004-006: libtiff", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109778785107450&w=2" - }, - { - "name" : "http://scary.beasts.org/security/CESA-2004-006.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2004-006.txt" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20041209-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20041209-2.txt" - }, - { - "name" : "CLA-2004:888", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888" - }, - { - "name" : "DSA-567", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-567" - }, - { - "name" : "GLSA-200410-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml" - }, - { - "name" : "MDKSA-2004:109", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109" - }, - { - "name" : "MDKSA-2005:052", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" - }, - { - "name" : "RHSA-2004:577", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-577.html" - }, - { - "name" : "RHSA-2005:354", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-354.html" - }, - { - "name" : "RHSA-2005:021", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-021.html" - }, - { - "name" : "101677", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1" - }, - { - "name" : "201072", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1" - }, - { - "name" : "SUSE-SA:2004:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" - }, - { - "name" : "VU#948752", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/948752" - }, - { - "name" : "11406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11406" - }, - { - "name" : "oval:org.mitre.oval:def:100114", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114" - }, - { - "name" : "oval:org.mitre.oval:def:8896", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896" - }, - { - "name" : "12818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12818" - }, - { - "name" : "libtiff-library-decoding-bo(17703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200410-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml" + }, + { + "name": "RHSA-2004:577", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html" + }, + { + "name": "MDKSA-2004:109", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109" + }, + { + "name": "oval:org.mitre.oval:def:100114", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114" + }, + { + "name": "RHSA-2005:021", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html" + }, + { + "name": "20041013 CESA-2004-006: libtiff", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109778785107450&w=2" + }, + { + "name": "oval:org.mitre.oval:def:8896", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896" + }, + { + "name": "201072", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1" + }, + { + "name": "101677", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1" + }, + { + "name": "SUSE-SA:2004:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" + }, + { + "name": "http://scary.beasts.org/security/CESA-2004-006.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2004-006.txt" + }, + { + "name": "CLA-2004:888", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888" + }, + { + "name": "MDKSA-2005:052", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" + }, + { + "name": "http://www.kde.org/info/security/advisory-20041209-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20041209-2.txt" + }, + { + "name": "RHSA-2005:354", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" + }, + { + "name": "12818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12818" + }, + { + "name": "libtiff-library-decoding-bo(17703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17703" + }, + { + "name": "11406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11406" + }, + { + "name": "DSA-567", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-567" + }, + { + "name": "VU#948752", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/948752" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0856.json b/2004/0xxx/CVE-2004-0856.json index 6c1c2ed1417..47203152cf1 100644 --- a/2004/0xxx/CVE-2004-0856.json +++ b/2004/0xxx/CVE-2004-0856.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0856", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0856", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1031.json b/2004/1xxx/CVE-2004-1031.json index c25377727be..9b0d96376c6 100644 --- a/2004/1xxx/CVE-2004-1031.json +++ b/2004/1xxx/CVE-2004-1031.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041115 Multiple Security Vulnerabilities in Fcron", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "GLSA-200411-27", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200411-27.xml" - }, - { - "name" : "11684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11684" - }, - { - "name" : "fcron-fcronsighup-restrictions-bypass(18076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041115 Multiple Security Vulnerabilities in Fcron", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false" + }, + { + "name": "11684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11684" + }, + { + "name": "GLSA-200411-27", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml" + }, + { + "name": "fcron-fcronsighup-restrictions-bypass(18076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1047.json b/2004/1xxx/CVE-2004-1047.json index 745cc4c3167..af76d725e7c 100644 --- a/2004/1xxx/CVE-2004-1047.json +++ b/2004/1xxx/CVE-2004-1047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1630.json b/2004/1xxx/CVE-2004-1630.json index 804c4c10ab0..758c6186a2b 100644 --- a/2004/1xxx/CVE-2004-1630.json +++ b/2004/1xxx/CVE-2004-1630.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041024 Two Vulnerabilities in OpenWFE Web Client", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109876304705234&w=2" - }, - { - "name" : "11514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11514" - }, - { - "name" : "12970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12970" - }, - { - "name" : "openwfe-login-form-xss(17853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11514" + }, + { + "name": "12970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12970" + }, + { + "name": "20041024 Two Vulnerabilities in OpenWFE Web Client", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109876304705234&w=2" + }, + { + "name": "openwfe-login-form-xss(17853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17853" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1680.json b/2004/1xxx/CVE-2004-1680.json index edcbdf88951..7f1fe59e9d7 100644 --- a/2004/1xxx/CVE-2004-1680.json +++ b/2004/1xxx/CVE-2004-1680.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A091304-2", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a091304-2.txt" - }, - { - "name" : "11161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11161" - }, - { - "name" : "12523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12523" - }, - { - "name" : "xpressa-applicationcgi-dos(17346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11161" + }, + { + "name": "12523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12523" + }, + { + "name": "A091304-2", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt" + }, + { + "name": "xpressa-applicationcgi-dos(17346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1715.json b/2004/1xxx/CVE-2004-1715.json index 8540b832769..a3535a7ba3e 100644 --- a/2004/1xxx/CVE-2004-1715.json +++ b/2004/1xxx/CVE-2004-1715.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via \"..\\\\\", \"..\\\", and similar dot dot sequences in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040811 Clearswift Mimesweeper Path Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109224211512029&w=2" - }, - { - "name" : "20040811 Re: Clearswift Mimesweeper Path Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109225567212978&w=2" - }, - { - "name" : "http://packetstormsecurity.nl/0408-exploits/clearswift.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.nl/0408-exploits/clearswift.txt" - }, - { - "name" : "10918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10918" - }, - { - "name" : "12273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12273" - }, - { - "name" : "mimesweeper-directory-traversal(16960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via \"..\\\\\", \"..\\\", and similar dot dot sequences in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10918" + }, + { + "name": "20040811 Re: Clearswift Mimesweeper Path Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109225567212978&w=2" + }, + { + "name": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.nl/0408-exploits/clearswift.txt" + }, + { + "name": "20040811 Clearswift Mimesweeper Path Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109224211512029&w=2" + }, + { + "name": "12273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12273" + }, + { + "name": "mimesweeper-directory-traversal(16960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16960" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2403.json b/2004/2xxx/CVE-2004-2403.json index 690dcb9da76..92741e94306 100644 --- a/2004/2xxx/CVE-2004-2403.json +++ b/2004/2xxx/CVE-2004-2403.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 RE: www.proboards.com / YaBB XSS Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html" - }, - { - "name" : "11214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11214" - }, - { - "name" : "10243", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10243" - }, - { - "name" : "12593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12593" - }, - { - "name" : "yabb-administrative-bypass(17453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12593" + }, + { + "name": "11214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11214" + }, + { + "name": "yabb-administrative-bypass(17453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17453" + }, + { + "name": "20040916 RE: www.proboards.com / YaBB XSS Vuln", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html" + }, + { + "name": "10243", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10243" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2604.json b/2004/2xxx/CVE-2004-2604.json index 3909e946d8d..c53c1a4ce3e 100644 --- a/2004/2xxx/CVE-2004-2604.json +++ b/2004/2xxx/CVE-2004-2604.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12115" - }, - { - "name" : "12627", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12627" - }, - { - "name" : "1012702", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012702" - }, - { - "name" : "phproxy-error-xss(18697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12115" + }, + { + "name": "12627", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12627" + }, + { + "name": "1012702", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012702" + }, + { + "name": "phproxy-error-xss(18697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18697" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2109.json b/2008/2xxx/CVE-2008-2109.json index 14bf23e992b..31b3947992c 100644 --- a/2008/2xxx/CVE-2008-2109.json +++ b/2008/2xxx/CVE-2008-2109.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which triggers an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=210564", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=210564" - }, - { - "name" : "[mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b", - "refsource" : "MLIST", - "url" : "http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html" - }, - { - "name" : "FEDORA-2008-3757", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html" - }, - { - "name" : "GLSA-200805-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-15.xml" - }, - { - "name" : "MDVSA-2008:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:103" - }, - { - "name" : "29210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29210" - }, - { - "name" : "30182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30182" - }, - { - "name" : "30173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30173" - }, - { - "name" : "libid3tag-field-dos(42271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:103" + }, + { + "name": "GLSA-200805-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-15.xml" + }, + { + "name": "FEDORA-2008-3757", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html" + }, + { + "name": "30173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30173" + }, + { + "name": "30182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30182" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=210564", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=210564" + }, + { + "name": "29210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29210" + }, + { + "name": "[mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b", + "refsource": "MLIST", + "url": "http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html" + }, + { + "name": "libid3tag-field-dos(42271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42271" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2224.json b/2008/2xxx/CVE-2008-2224.json index 2df70a3b171..9cc248b6532 100644 --- a/2008/2xxx/CVE-2008-2224.json +++ b/2008/2xxx/CVE-2008-2224.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5566", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5566" - }, - { - "name" : "29113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29113" - }, - { - "name" : "30148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30148" - }, - { - "name" : "sazcart-headersaz-file-include(42289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sazcart-headersaz-file-include(42289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42289" + }, + { + "name": "29113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29113" + }, + { + "name": "5566", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5566" + }, + { + "name": "30148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30148" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2533.json b/2008/2xxx/CVE-2008-2533.json index d55818122ee..c97c4f244d7 100644 --- a/2008/2xxx/CVE-2008-2533.json +++ b/2008/2xxx/CVE-2008-2533.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5578", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5578" - }, - { - "name" : "29130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29130" - }, - { - "name" : "phoenixview-adminframe-xss(42314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29130" + }, + { + "name": "5578", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5578" + }, + { + "name": "phoenixview-adminframe-xss(42314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42314" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3203.json b/2008/3xxx/CVE-2008-3203.json index 0dcf851c550..423bb1e65e1 100644 --- a/2008/3xxx/CVE-2008-3203.json +++ b/2008/3xxx/CVE-2008-3203.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6033", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6033" - }, - { - "name" : "http://www.auracms.org/", - "refsource" : "CONFIRM", - "url" : "http://www.auracms.org/" - }, - { - "name" : "30169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30169" - }, - { - "name" : "31000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31000" - }, - { - "name" : "auracms-pagesdata-security-bypass(43682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6033", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6033" + }, + { + "name": "30169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30169" + }, + { + "name": "auracms-pagesdata-security-bypass(43682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43682" + }, + { + "name": "http://www.auracms.org/", + "refsource": "CONFIRM", + "url": "http://www.auracms.org/" + }, + { + "name": "31000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31000" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3263.json b/2008/3xxx/CVE-2008-3263.json index ccc5f2e4483..2874b209b90 100644 --- a/2008/3xxx/CVE-2008-3263.json +++ b/2008/3xxx/CVE-2008-3263.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080722 AST-2008-010: Asterisk IAX 'POKE' resource exhaustion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494675/100/0/threaded" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2008-010.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2008-010.html" - }, - { - "name" : "FEDORA-2008-6676", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" - }, - { - "name" : "GLSA-200905-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200905-01.xml" - }, - { - "name" : "30321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30321" - }, - { - "name" : "34982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34982" - }, - { - "name" : "ADV-2008-2168", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2168/references" - }, - { - "name" : "1020535", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020535" - }, - { - "name" : "31178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31178" - }, - { - "name" : "31194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31194" - }, - { - "name" : "asterisk-poke-dos(43942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200905-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml" + }, + { + "name": "30321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30321" + }, + { + "name": "31194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31194" + }, + { + "name": "asterisk-poke-dos(43942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43942" + }, + { + "name": "ADV-2008-2168", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2168/references" + }, + { + "name": "FEDORA-2008-6676", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html" + }, + { + "name": "31178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31178" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl" + }, + { + "name": "20080722 AST-2008-010: Asterisk IAX 'POKE' resource exhaustion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494675/100/0/threaded" + }, + { + "name": "1020535", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020535" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2008-010.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2008-010.html" + }, + { + "name": "34982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34982" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3269.json b/2008/3xxx/CVE-2008-3269.json index 76e2cfdd7e8..20bd242893d 100644 --- a/2008/3xxx/CVE-2008-3269.json +++ b/2008/3xxx/CVE-2008-3269.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6077", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6077" - }, - { - "name" : "30236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30236" - }, - { - "name" : "ADV-2008-2112", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2112/references" - }, - { - "name" : "31102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31102" - }, - { - "name" : "4030", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4030" - }, - { - "name" : "winremotepc-packets-dos(43784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30236" + }, + { + "name": "ADV-2008-2112", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2112/references" + }, + { + "name": "4030", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4030" + }, + { + "name": "31102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31102" + }, + { + "name": "6077", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6077" + }, + { + "name": "winremotepc-packets-dos(43784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43784" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4537.json b/2008/4xxx/CVE-2008-4537.json index fff493c5af7..7065bc62fbb 100644 --- a/2008/4xxx/CVE-2008-4537.json +++ b/2008/4xxx/CVE-2008-4537.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ec-cube.net/release/detail.php?release_id=193", - "refsource" : "MISC", - "url" : "http://www.ec-cube.net/release/detail.php?release_id=193" - }, - { - "name" : "JVN#26621646", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN26621646/index.html" - }, - { - "name" : "JVNDB-2008-000062", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.html" - }, - { - "name" : "31509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31509" - }, - { - "name" : "32065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32065" - }, - { - "name" : "eccube-unspecified3-xss(45851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31509" + }, + { + "name": "eccube-unspecified3-xss(45851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45851" + }, + { + "name": "JVN#26621646", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN26621646/index.html" + }, + { + "name": "http://www.ec-cube.net/release/detail.php?release_id=193", + "refsource": "MISC", + "url": "http://www.ec-cube.net/release/detail.php?release_id=193" + }, + { + "name": "JVNDB-2008-000062", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.html" + }, + { + "name": "32065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32065" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6255.json b/2008/6xxx/CVE-2008-6255.json index f9db4b6c74e..919d6e31b04 100644 --- a/2008/6xxx/CVE-2008-6255.json +++ b/2008/6xxx/CVE-2008-6255.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081117 [waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498390/100/0/threaded" - }, - { - "name" : "http://www.waraxe.us/advisory-69.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-69.html" - }, - { - "name" : "32775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32775" - }, - { - "name" : "vbulletin-answer-extension-sql-injection(46682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vbulletin-answer-extension-sql-injection(46682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46682" + }, + { + "name": "http://www.waraxe.us/advisory-69.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-69.html" + }, + { + "name": "32775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32775" + }, + { + "name": "20081117 [waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498390/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6339.json b/2008/6xxx/CVE-2008-6339.json index e3fbfa4addf..a7ee87611b5 100644 --- a/2008/6xxx/CVE-2008-6339.json +++ b/2008/6xxx/CVE-2008-6339.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6339", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6339. Reason: This candidate is a duplicate of CVE-2007-6339. Notes: All CVE users should reference CVE-2007-6339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-6339", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6339. Reason: This candidate is a duplicate of CVE-2007-6339. Notes: All CVE users should reference CVE-2007-6339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6571.json b/2008/6xxx/CVE-2008-6571.json index c5e24a9e52e..52f826a9d9b 100644 --- a/2008/6xxx/CVE-2008-6571.json +++ b/2008/6xxx/CVE-2008-6571.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup", - "refsource" : "CONFIRM", - "url" : "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup" - }, - { - "name" : "50225", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50225" - }, - { - "name" : "50226", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50226" - }, - { - "name" : "50227", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50227" - }, - { - "name" : "29724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50225", + "refsource": "OSVDB", + "url": "http://osvdb.org/50225" + }, + { + "name": "29724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29724" + }, + { + "name": "50226", + "refsource": "OSVDB", + "url": "http://osvdb.org/50226" + }, + { + "name": "50227", + "refsource": "OSVDB", + "url": "http://osvdb.org/50227" + }, + { + "name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup", + "refsource": "CONFIRM", + "url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6739.json b/2008/6xxx/CVE-2008-6739.json index 7723e47dfca..1603c0a9a8a 100644 --- a/2008/6xxx/CVE-2008-6739.json +++ b/2008/6xxx/CVE-2008-6739.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5780", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5780" - }, - { - "name" : "adm-setupdownload-security-bypass(42983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adm-setupdownload-security-bypass(42983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42983" + }, + { + "name": "5780", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5780" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7016.json b/2008/7xxx/CVE-2008-7016.json index 828e054fca6..78caa5bc9cf 100644 --- a/2008/7xxx/CVE-2008-7016.json +++ b/2008/7xxx/CVE-2008-7016.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/tnftpd/?branch_id=14355&release_id=285654#", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/tnftpd/?branch_id=14355&release_id=285654#" - }, - { - "name" : "48637", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48637" - }, - { - "name" : "31958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31958" - }, - { - "name" : "tnftpd-url-csrf(45534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31958" + }, + { + "name": "48637", + "refsource": "OSVDB", + "url": "http://osvdb.org/48637" + }, + { + "name": "http://freshmeat.net/projects/tnftpd/?branch_id=14355&release_id=285654#", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/tnftpd/?branch_id=14355&release_id=285654#" + }, + { + "name": "tnftpd-url-csrf(45534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45534" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7271.json b/2008/7xxx/CVE-2008-7271.json index abef50a4058..5d8ca4a3ded 100644 --- a/2008/7xxx/CVE-2008-7271.json +++ b/2008/7xxx/CVE-2008-7271.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html", - "refsource" : "MISC", - "url" : "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html" - }, - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539", - "refsource" : "MISC", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html", + "refsource": "MISC", + "url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html" + }, + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539", + "refsource": "MISC", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11110.json b/2017/11xxx/CVE-2017-11110.json index 6b86c773fcb..4c8374adc01 100644 --- a/2017/11xxx/CVE-2017-11110.json +++ b/2017/11xxx/CVE-2017-11110.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1468471", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1468471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468471", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468471" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11226.json b/2017/11xxx/CVE-2017-11226.json index abf8c6ee1a7..b1919941d1d 100644 --- a/2017/11xxx/CVE-2017-11226.json +++ b/2017/11xxx/CVE-2017-11226.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100179" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100179" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11488.json b/2017/11xxx/CVE-2017-11488.json index 8cfd253a2ee..5318a0c27f7 100644 --- a/2017/11xxx/CVE-2017-11488.json +++ b/2017/11xxx/CVE-2017-11488.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11488", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11488", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11674.json b/2017/11xxx/CVE-2017-11674.json index b8f0e52c180..bb82f0c7c2d 100644 --- a/2017/11xxx/CVE-2017-11674.json +++ b/2017/11xxx/CVE-2017-11674.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a \"Read Access Violation starting at reporter!madTraceProcess.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code610.blogspot.com/2017/07/readwrite-access-violation-acunetix.html", - "refsource" : "MISC", - "url" : "http://code610.blogspot.com/2017/07/readwrite-access-violation-acunetix.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a \"Read Access Violation starting at reporter!madTraceProcess.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code610.blogspot.com/2017/07/readwrite-access-violation-acunetix.html", + "refsource": "MISC", + "url": "http://code610.blogspot.com/2017/07/readwrite-access-violation-acunetix.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14689.json b/2017/14xxx/CVE-2017-14689.json index c7384f7ccfe..308127d5c24 100644 --- a/2017/14xxx/CVE-2017-14689.json +++ b/2017/14xxx/CVE-2017-14689.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14689", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14689", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14689" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14752.json b/2017/14xxx/CVE-2017-14752.json index 4893efe2c35..22852333293 100644 --- a/2017/14xxx/CVE-2017-14752.json +++ b/2017/14xxx/CVE-2017-14752.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1719491", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/mahara/+bug/1719491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1719491", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/mahara/+bug/1719491" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14968.json b/2017/14xxx/CVE-2017-14968.json index 21d36f1017c..3f0c6e8bf24 100644 --- a/2017/14xxx/CVE-2017-14968.json +++ b/2017/14xxx/CVE-2017-14968.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.greyhathacker.net/?p=995", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greyhathacker.net/?p=995", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=995" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15294.json b/2017/15xxx/CVE-2017-15294.json index 649800fdc1f..24be9837e33 100644 --- a/2017/15xxx/CVE-2017-15294.json +++ b/2017/15xxx/CVE-2017-15294.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/", - "refsource" : "MISC", - "url" : "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-17-035-xss-crm-administration-console-java/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-035-xss-crm-administration-console-java/" - }, - { - "name" : "99532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99532" + }, + { + "name": "https://erpscan.io/advisories/erpscan-17-035-xss-crm-administration-console-java/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-035-xss-crm-administration-console-java/" + }, + { + "name": "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/", + "refsource": "MISC", + "url": "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15338.json b/2017/15xxx/CVE-2017-15338.json index 0a19aeca522..f578439082c 100644 --- a/2017/15xxx/CVE-2017-15338.json +++ b/2017/15xxx/CVE-2017-15338.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,SeMG9811,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,USG9500,USG9520,USG9560,USG9580,VP9660,ViewPoint 8660,ViewPoint 9030,eSpace U1981", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,SeMG9811,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,USG9500,USG9520,USG9560,USG9580,VP9660,ViewPoint 8660,ViewPoint 9030,eSpace U1981", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15751.json b/2017/15xxx/CVE-2017-15751.json index d61462b745b..06eda85905e 100644 --- a/2017/15xxx/CVE-2017-15751.json +++ b/2017/15xxx/CVE-2017-15751.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15751", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15751", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15751" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15849.json b/2017/15xxx/CVE-2017-15849.json index 46c4301ac10..f889cf47609 100644 --- a/2017/15xxx/CVE-2017-15849.json +++ b/2017/15xxx/CVE-2017-15849.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-15849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Display" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-15849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102413" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Display" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "102413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102413" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8706.json b/2017/8xxx/CVE-2017-8706.json index f128f29bab8..11bcfd9307d 100644 --- a/2017/8xxx/CVE-2017-8706.json +++ b/2017/8xxx/CVE-2017-8706.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706" - }, - { - "name" : "100789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100789" - }, - { - "name" : "1039317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039317" + }, + { + "name": "100789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100789" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9365.json b/2017/9xxx/CVE-2017-9365.json index 8524daf3252..c7f578a8c61 100644 --- a/2017/9xxx/CVE-2017-9365.json +++ b/2017/9xxx/CVE-2017-9365.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f", - "refsource" : "CONFIRM", - "url" : "https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f" - }, - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/281", - "refsource" : "CONFIRM", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/281", + "refsource": "CONFIRM", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/281" + }, + { + "name": "https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f", + "refsource": "CONFIRM", + "url": "https://github.com/bigtreecms/BigTree-CMS/commit/c17d09b05d9c20c214ee2f4fbb52f7307a7b4b6f" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9539.json b/2017/9xxx/CVE-2017-9539.json index 3fcde7fac4f..dbab5acfed2 100644 --- a/2017/9xxx/CVE-2017-9539.json +++ b/2017/9xxx/CVE-2017-9539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000112.json b/2018/1000xxx/CVE-2018-1000112.json index d24c3514879..5c3c0208c17 100644 --- a/2018/1000xxx/CVE-2018-1000112.json +++ b/2018/1000xxx/CVE-2018-1000112.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-02-26", - "ID" : "CVE-2018-1000112", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Mercurial Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.2 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-912, CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-02-26", + "ID": "CVE-2018-1000112", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000404.json b/2018/1000xxx/CVE-2018-1000404.json index 33741ecea5a..824dda2c5db 100644 --- a/2018/1000xxx/CVE-2018-1000404.json +++ b/2018/1000xxx/CVE-2018-1000404.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-08T15:52:41.209111", - "DATE_REQUESTED" : "2018-06-20T18:05:10", - "ID" : "CVE-2018-1000404", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins AWS CodeBuild Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "0.26 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficiently Protected Credentials" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-08T15:52:41.209111", + "DATE_REQUESTED": "2018-06-20T18:05:10", + "ID": "CVE-2018-1000404", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12378.json b/2018/12xxx/CVE-2018-12378.json index 9805c60f43a..f17c9c47003 100644 --- a/2018/12xxx/CVE-2018-12378.json +++ b/2018/12xxx/CVE-2018-12378.json @@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "62" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.2" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in IndexedDB" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "62" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.2" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1459383", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1459383" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-20/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-21/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-25/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-25/" - }, - { - "name" : "DSA-4287", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4287" - }, - { - "name" : "DSA-4327", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4327" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:2692", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2692" - }, - { - "name" : "RHSA-2018:2693", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2693" - }, - { - "name" : "RHSA-2018:3403", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3403" - }, - { - "name" : "RHSA-2018:3458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3458" - }, - { - "name" : "USN-3761-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3761-1/" - }, - { - "name" : "USN-3793-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3793-1/" - }, - { - "name" : "105280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105280" - }, - { - "name" : "1041610", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in IndexedDB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105280" + }, + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "RHSA-2018:2693", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2693" + }, + { + "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "DSA-4327", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4327" + }, + { + "name": "RHSA-2018:3403", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3403" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/" + }, + { + "name": "1041610", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041610" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459383", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459383" + }, + { + "name": "RHSA-2018:2692", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2692" + }, + { + "name": "RHSA-2018:3458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3458" + }, + { + "name": "USN-3793-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3793-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-21/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-25/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/" + }, + { + "name": "USN-3761-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3761-1/" + }, + { + "name": "DSA-4287", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4287" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12644.json b/2018/12xxx/CVE-2018-12644.json index 2ab02f06686..af3458bd931 100644 --- a/2018/12xxx/CVE-2018-12644.json +++ b/2018/12xxx/CVE-2018-12644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12655.json b/2018/12xxx/CVE-2018-12655.json index 4be7f1f167d..71b7d576bc8 100644 --- a/2018/12xxx/CVE-2018-12655.json +++ b/2018/12xxx/CVE-2018-12655.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/slims/slims8_akasia/issues/99", - "refsource" : "MISC", - "url" : "https://github.com/slims/slims8_akasia/issues/99" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/slims/slims8_akasia/issues/99", + "refsource": "MISC", + "url": "https://github.com/slims/slims8_akasia/issues/99" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12707.json b/2018/12xxx/CVE-2018-12707.json index 1a850b53f40..2b5f5f3409d 100644 --- a/2018/12xxx/CVE-2018-12707.json +++ b/2018/12xxx/CVE-2018-12707.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12707", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12707", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13392.json b/2018/13xxx/CVE-2018-13392.json index d91bd45a645..650bcf7b15f 100644 --- a/2018/13xxx/CVE-2018-13392.json +++ b/2018/13xxx/CVE-2018-13392.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-08-13T00:00:00", - "ID" : "CVE-2018-13392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "4.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-08-13T00:00:00", + "ID": "CVE-2018-13392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8304", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8304" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7081", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7081" - }, - { - "name" : "105096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8304", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8304" + }, + { + "name": "https://jira.atlassian.com/browse/FE-7081", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7081" + }, + { + "name": "105096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105096" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13489.json b/2018/13xxx/CVE-2018-13489.json index d595f121c77..8ad8d60b2ef 100644 --- a/2018/13xxx/CVE-2018-13489.json +++ b/2018/13xxx/CVE-2018-13489.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OllisCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OllisCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OllisCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OllisCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13663.json b/2018/13xxx/CVE-2018-13663.json index 2351b510117..dfbc9421cc8 100644 --- a/2018/13xxx/CVE-2018-13663.json +++ b/2018/13xxx/CVE-2018-13663.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BSCToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BSCToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BSCToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BSCToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16018.json b/2018/16xxx/CVE-2018-16018.json index b0734cccf15..5b9b1ddc879 100644 --- a/2018/16xxx/CVE-2018-16018.json +++ b/2018/16xxx/CVE-2018-16018.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html" - }, - { - "name" : "106449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106449" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16371.json b/2018/16xxx/CVE-2018-16371.json index 4d96e5ed26c..0620fff0052 100644 --- a/2018/16xxx/CVE-2018-16371.json +++ b/2018/16xxx/CVE-2018-16371.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lazyphp/PESCMS-TEAM/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/lazyphp/PESCMS-TEAM/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lazyphp/PESCMS-TEAM/issues/3", + "refsource": "MISC", + "url": "https://github.com/lazyphp/PESCMS-TEAM/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16398.json b/2018/16xxx/CVE-2018-16398.json index 8a16dfc365b..232319722bf 100644 --- a/2018/16xxx/CVE-2018-16398.json +++ b/2018/16xxx/CVE-2018-16398.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\\/start to bypass a policy in which \"docker start\" is allowed but \"docker pause\" is not allowed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/twistlock/authz/issues/50", - "refsource" : "MISC", - "url" : "https://github.com/twistlock/authz/issues/50" - }, - { - "name" : "https://github.com/twistlock/authz/issues/51", - "refsource" : "MISC", - "url" : "https://github.com/twistlock/authz/issues/51" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\\/start to bypass a policy in which \"docker start\" is allowed but \"docker pause\" is not allowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twistlock/authz/issues/50", + "refsource": "MISC", + "url": "https://github.com/twistlock/authz/issues/50" + }, + { + "name": "https://github.com/twistlock/authz/issues/51", + "refsource": "MISC", + "url": "https://github.com/twistlock/authz/issues/51" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16981.json b/2018/16xxx/CVE-2018-16981.json index 75c26a60502..ce2ca3b14e9 100644 --- a/2018/16xxx/CVE-2018-16981.json +++ b/2018/16xxx/CVE-2018-16981.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nothings/stb/issues/656", - "refsource" : "MISC", - "url" : "https://github.com/nothings/stb/issues/656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nothings/stb/issues/656", + "refsource": "MISC", + "url": "https://github.com/nothings/stb/issues/656" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4016.json b/2018/4xxx/CVE-2018-4016.json index 85e04d7d915..b34ff7e5d63 100644 --- a/2018/4xxx/CVE-2018-4016.json +++ b/2018/4xxx/CVE-2018-4016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4156.json b/2018/4xxx/CVE-2018-4156.json index 5d2c816c5fb..45d5ea5df43 100644 --- a/2018/4xxx/CVE-2018-4156.json +++ b/2018/4xxx/CVE-2018-4156.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the \"PluginKit\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "103581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103581" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the \"PluginKit\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "103581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103581" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4590.json b/2018/4xxx/CVE-2018-4590.json index e18522ed049..452019adbab 100644 --- a/2018/4xxx/CVE-2018-4590.json +++ b/2018/4xxx/CVE-2018-4590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4976.json b/2018/4xxx/CVE-2018-4976.json index e74277e4c25..55322aadc3b 100644 --- a/2018/4xxx/CVE-2018-4976.json +++ b/2018/4xxx/CVE-2018-4976.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104175" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + }, + { + "name": "104175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104175" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7425.json b/2019/7xxx/CVE-2019-7425.json index 5981ce91f65..5acdc04c35b 100644 --- a/2019/7xxx/CVE-2019-7425.json +++ b/2019/7xxx/CVE-2019-7425.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7425", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/linkdownalertConfig.jsp\" file in the task parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/29" } ] }