From 2f8fc2812902c25f09106b73c7e2d43b8cdc95d9 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:52:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0273.json | 160 +++++++------- 2004/1xxx/CVE-2004-1068.json | 320 ++++++++++++++-------------- 2004/1xxx/CVE-2004-1539.json | 150 ++++++------- 2004/1xxx/CVE-2004-1617.json | 220 +++++++++---------- 2004/1xxx/CVE-2004-1648.json | 160 +++++++------- 2004/1xxx/CVE-2004-1830.json | 160 +++++++------- 2004/1xxx/CVE-2004-1909.json | 160 +++++++------- 2008/2xxx/CVE-2008-2566.json | 160 +++++++------- 2008/3xxx/CVE-2008-3137.json | 330 ++++++++++++++--------------- 2008/3xxx/CVE-2008-3299.json | 130 ++++++------ 2008/3xxx/CVE-2008-3786.json | 150 ++++++------- 2008/4xxx/CVE-2008-4095.json | 170 +++++++-------- 2008/4xxx/CVE-2008-4911.json | 140 ++++++------ 2008/4xxx/CVE-2008-4930.json | 140 ++++++------ 2008/6xxx/CVE-2008-6181.json | 170 +++++++-------- 2008/6xxx/CVE-2008-6374.json | 140 ++++++------ 2008/6xxx/CVE-2008-6426.json | 34 +-- 2008/6xxx/CVE-2008-6429.json | 150 ++++++------- 2008/6xxx/CVE-2008-6966.json | 140 ++++++------ 2013/2xxx/CVE-2013-2255.json | 34 +-- 2013/2xxx/CVE-2013-2340.json | 130 ++++++------ 2013/2xxx/CVE-2013-2467.json | 180 ++++++++-------- 2013/2xxx/CVE-2013-2476.json | 200 ++++++++--------- 2013/2xxx/CVE-2013-2971.json | 34 +-- 2013/6xxx/CVE-2013-6662.json | 120 +++++------ 2017/11xxx/CVE-2017-11326.json | 120 +++++------ 2017/11xxx/CVE-2017-11462.json | 150 ++++++------- 2017/11xxx/CVE-2017-11480.json | 120 +++++------ 2017/14xxx/CVE-2017-14120.json | 130 ++++++------ 2017/14xxx/CVE-2017-14255.json | 34 +-- 2017/14xxx/CVE-2017-14492.json | 310 +++++++++++++-------------- 2017/14xxx/CVE-2017-14558.json | 120 +++++------ 2017/14xxx/CVE-2017-14665.json | 34 +-- 2017/15xxx/CVE-2017-15158.json | 34 +-- 2017/15xxx/CVE-2017-15188.json | 120 +++++------ 2017/15xxx/CVE-2017-15308.json | 122 +++++------ 2017/9xxx/CVE-2017-9192.json | 120 +++++------ 2017/9xxx/CVE-2017-9722.json | 122 +++++------ 2017/9xxx/CVE-2017-9801.json | 142 
++++++------- 2017/9xxx/CVE-2017-9819.json | 120 +++++------ 2017/9xxx/CVE-2017-9992.json | 150 ++++++------- 2018/0xxx/CVE-2018-0097.json | 140 ++++++------ 2018/1000xxx/CVE-2018-1000060.json | 164 +++++++------- 2018/1000xxx/CVE-2018-1000511.json | 126 +++++------ 2018/12xxx/CVE-2018-12012.json | 34 +-- 2018/12xxx/CVE-2018-12298.json | 34 +-- 2018/16xxx/CVE-2018-16053.json | 34 +-- 2018/16xxx/CVE-2018-16146.json | 140 ++++++------ 2018/16xxx/CVE-2018-16165.json | 130 ++++++------ 2018/16xxx/CVE-2018-16471.json | 130 ++++++------ 2018/16xxx/CVE-2018-16592.json | 34 +-- 2018/4xxx/CVE-2018-4259.json | 34 +-- 2018/4xxx/CVE-2018-4319.json | 34 +-- 2018/4xxx/CVE-2018-4364.json | 34 +-- 2018/4xxx/CVE-2018-4748.json | 34 +-- 2018/4xxx/CVE-2018-4930.json | 130 ++++++------ 2018/4xxx/CVE-2018-4931.json | 130 ++++++------ 57 files changed, 3596 insertions(+), 3596 deletions(-) diff --git a/2004/0xxx/CVE-2004-0273.json b/2004/0xxx/CVE-2004-0273.json index 524dd61a31d..9cb336f6806 100644 --- a/2004/0xxx/CVE-2004-0273.json +++ b/2004/0xxx/CVE-2004-0273.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040210 Directory traversal in RealPlayer allows code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107642978524321&w=2" - }, - { - "name" : "http://service.real.com/help/faq/security/040123_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/040123_player/EN/" - }, - { - "name" : "VU#514734", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/514734" - }, - { - "name" : "9580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9580" - }, - { - "name" : "realoneplayer-rmp-directory-traversal(15123)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#514734", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/514734" + }, + { + "name": "realoneplayer-rmp-directory-traversal(15123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123" + }, + { + "name": "20040210 Directory traversal in RealPlayer allows code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107642978524321&w=2" + }, + { + "name": "9580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9580" + }, + { + "name": "http://service.real.com/help/faq/security/040123_player/EN/", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/040123_player/EN/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1068.json b/2004/1xxx/CVE-2004-1068.json index 023cd1adf60..ce59f23acae 100644 --- a/2004/1xxx/CVE-2004-1068.json +++ b/2004/1xxx/CVE-2004-1068.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"missing serialization\" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/381689" - }, - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "FLSA:2336", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" - }, - { - "name" : 
"MDKSA-2005:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" - }, - { - "name" : "RHSA-2004:537", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-537.html" - }, - { - "name" : "20041214 [USN-38-1] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110306397320336&w=2" - }, - { - "name" : "RHSA-2004:504", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html" - }, - { - "name" : "RHSA-2004:505", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html" - }, - { - "name" : "20060402-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" - }, - { - "name" : "SUSE-SA:2004:044", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_44_kernel.html" - }, - { - "name" : "11715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11715" - }, - { - "name" : "oval:org.mitre.oval:def:11384", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11384" - }, - { - "name" : "20162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20162" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - }, - { - "name" : "19607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19607" - }, - { - "name" : "linux-afunix-race-condition(18230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"missing serialization\" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "MDKSA-2005:022", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" + }, + { + "name": "20041214 [USN-38-1] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110306397320336&w=2" + }, + { + "name": "FLSA:2336", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336" + }, + { + "name": "11715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11715" + }, + { + "name": "SUSE-SA:2004:044", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_44_kernel.html" + }, + { + "name": "19607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19607" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "RHSA-2004:537", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" + }, + { + "name": "20162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20162" + }, + { + "name": "20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/381689" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "20060402-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" + }, + { + "name": "RHSA-2004:505", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "oval:org.mitre.oval:def:11384", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11384" + }, + { + "name": "RHSA-2004:504", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html" + }, + { + "name": "linux-afunix-race-condition(18230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18230" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1539.json b/2004/1xxx/CVE-2004-1539.json index 0050606d5fe..2d79c5417a3 100644 --- a/2004/1xxx/CVE-2004-1539.json +++ b/2004/1xxx/CVE-2004-1539.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041122 Broadcast client crash in Halo 1.05", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110114770406920&w=2" - }, - { - "name" : "11724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11724" - }, - { - "name" : "13273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13273" - }, - { - "name" : "halo-long-reply-dos(18196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial 
of service (client crash) via a long value in a game server reply, which triggers a NULL dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11724" + }, + { + "name": "halo-long-reply-dos(18196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18196" + }, + { + "name": "13273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13273" + }, + { + "name": "20041122 Broadcast client crash in Halo 1.05", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110114770406920&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1617.json b/2004/1xxx/CVE-2004-1617.json index d29d8bd42d2..d2dc7710243 100644 --- a/2004/1xxx/CVE-2004-1617.json +++ b/2004/1xxx/CVE-2004-1617.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041018 Web browsers - a mini-farce", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109811406620511&w=2" - }, - { - "name" : "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435689/30/4740/threaded" - }, - { - "name" : "20041018 Web browsers - a mini-farce", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html" - 
}, - { - "name" : "http://lcamtuf.coredump.cx/mangleme/gallery/", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/mangleme/gallery/" - }, - { - "name" : "DSA-1077", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1077" - }, - { - "name" : "DSA-1076", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1076" - }, - { - "name" : "DSA-1085", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1085" - }, - { - "name" : "11443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11443" - }, - { - "name" : "1011809", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011809" - }, - { - "name" : "20383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20383" - }, - { - "name" : "lynx-dos(17804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11443" + }, + { + "name": "20041018 Web browsers - a mini-farce", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109811406620511&w=2" + }, + { + "name": "DSA-1077", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1077" + }, + { + "name": "1011809", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011809" + }, + { + "name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded" + }, + { + "name": "DSA-1076", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1076" + }, + { + "name": "DSA-1085", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1085" + }, + { + "name": "20041018 Web browsers - a mini-farce", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html" + }, + { + "name": "http://lcamtuf.coredump.cx/mangleme/gallery/", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/mangleme/gallery/" + }, + { + "name": "20383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20383" + }, + { + "name": "lynx-dos(17804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1648.json b/2004/1xxx/CVE-2004-1648.json index 8d9eeebf935..f11cb26815f 100644 --- a/2004/1xxx/CVE-2004-1648.json +++ b/2004/1xxx/CVE-2004-1648.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040830 Password Protect XSS and SQL-Injection vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109414967003192&w=2" - }, - { - "name" : "http://www.criolabs.net/advisories/passprotect.txt", - "refsource" : "MISC", - "url" : "http://www.criolabs.net/advisories/passprotect.txt" - }, - { - "name" : "11073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11073" - }, - { - "name" : "12407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12407" - }, - { - "name" : "password-protect-showmsg-xss(17187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17187" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "password-protect-showmsg-xss(17187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17187" + }, + { + "name": "11073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11073" + }, + { + "name": "20040830 Password Protect XSS and SQL-Injection vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109414967003192&w=2" + }, + { + "name": "12407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12407" + }, + { + "name": "http://www.criolabs.net/advisories/passprotect.txt", + "refsource": "MISC", + "url": "http://www.criolabs.net/advisories/passprotect.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1830.json b/2004/1xxx/CVE-2004-1830.json index fe7a731f938..990e24bfa10 100644 --- a/2004/1xxx/CVE-2004-1830.json +++ b/2004/1xxx/CVE-2004-1830.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040318 [waraxe-2004-SA#010 - Multiple vulnerabilities in Error Manager", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107963064317560&w=2" - }, - { - "name" : "9911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9911" - }, - { - "name" : "4386", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4386" - }, - { - "name" : "11164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11164" - }, - { - "name" : "errormanager-error-path-disclosure(15524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "errormanager-error-path-disclosure(15524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15524" + }, + { + "name": "4386", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4386" + }, + { + "name": "11164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11164" + }, + { + "name": "9911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9911" + }, + { + "name": "20040318 [waraxe-2004-SA#010 - Multiple vulnerabilities in Error Manager", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107963064317560&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1909.json b/2004/1xxx/CVE-2004-1909.json index df7f4337112..d02fea97f6f 100644 --- a/2004/1xxx/CVE-2004-1909.json +++ b/2004/1xxx/CVE-2004-1909.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462" - }, - { - "name" : "GLSA-200404-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200404-07.xml" - }, - { - "name" : "9897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9897" - }, - { - "name" : "11177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11177" - }, - { - "name" : "clam-antivirus-rar-dos(15553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clam-antivirus-rar-dos(15553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553" + }, + { + "name": "9897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9897" + }, + { + "name": "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462" + }, + { + "name": "GLSA-200404-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200404-07.xml" + }, + { + "name": "11177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11177" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2566.json b/2008/2xxx/CVE-2008-2566.json index 3d877584232..9b0829fd102 100644 --- a/2008/2xxx/CVE-2008-2566.json +++ b/2008/2xxx/CVE-2008-2566.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5739", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5739" - }, - { - "name" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "30540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30540" - }, - { - "name" : "phpaddressbook-group-xss(42856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856" - }, - { - "name" : "phpaddressbook-grouppara-xss(99624)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/99624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30540" + }, + { + "name": "phpaddressbook-group-xss(42856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856" + }, + { + "name": "5739", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5739" + }, + { + "name": "phpaddressbook-grouppara-xss(99624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624" + }, + { + "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3137.json b/2008/3xxx/CVE-2008-3137.json index 535a9dff467..b2a49b3e42e 100644 --- a/2008/3xxx/CVE-2008-3137.json +++ b/2008/3xxx/CVE-2008-3137.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080703 rPSA-2008-0212-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493882/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" - }, - { - "name" : "DSA-1673", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2008/dsa-1673" - }, - { - "name" : "FEDORA-2008-6440", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" - }, - { - "name" : "GLSA-200808-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "30020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30020" - }, - { - "name" : "oval:org.mitre.oval:def:10860", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10860" - }, - { - "name" : "oval:org.mitre.oval:def:15068", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15068" - }, - { - "name" : "1020404", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020404" - }, - { - "name" : "30886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30886" - }, - { - "name" : "30942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30942" - }, - { - "name" : "31085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31085" - }, - { - "name" : "ADV-2008-1982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1982/references" - }, - { - "name" : "ADV-2008-2773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "31378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31378" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "32091", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - }, - { - "name" : "32944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30886" + }, + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "30942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30942" + }, + { + "name": "FEDORA-2008-6440", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "ADV-2008-1982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1982/references" + }, + { + "name": "oval:org.mitre.oval:def:10860", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10860" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html" + }, + { + "name": "GLSA-200808-04", + "refsource": "GENTOO", + "url": 
"http://security.gentoo.org/glsa/glsa-200808-04.xml" + }, + { + "name": "oval:org.mitre.oval:def:15068", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15068" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "20080703 rPSA-2008-0212-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" + }, + { + "name": "32944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32944" + }, + { + "name": "30020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30020" + }, + { + "name": "31378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31378" + }, + { + "name": "1020404", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020404" + }, + { + "name": "DSA-1673", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1673" + }, + { + "name": "31085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31085" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3299.json b/2008/3xxx/CVE-2008-3299.json index 3c228844dc0..709f5e446d4 100644 --- a/2008/3xxx/CVE-2008-3299.json +++ b/2008/3xxx/CVE-2008-3299.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30332" - }, - { - "name" : "esyndicat-adminlng-authentication-bypass(43972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "esyndicat-adminlng-authentication-bypass(43972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43972" + }, + { + "name": "30332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30332" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3786.json b/2008/3xxx/CVE-2008-3786.json index 9f354b76600..a5ea2822175 100644 --- a/2008/3xxx/CVE-2008-3786.json +++ b/2008/3xxx/CVE-2008-3786.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka \"Gallery or event name\" field) in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080822 Photo Cart 3.9 index.php \"search\" XSS", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064046.html" - }, - { - "name" : "30798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30798" - }, - { - "name" : "31589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31589" - }, - { - "name" : "photocart-gallery-xss(44614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka \"Gallery or event name\" field) in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30798" + }, + { + "name": "photocart-gallery-xss(44614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44614" + }, + { + "name": "20080822 Photo Cart 3.9 index.php \"search\" XSS", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064046.html" + }, + { + "name": "31589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31589" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4095.json b/2008/4xxx/CVE-2008-4095.json index 689057282d3..8f37be6f807 100644 --- a/2008/4xxx/CVE-2008-4095.json +++ b/2008/4xxx/CVE-2008-4095.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf" - }, - { - "name" : "31505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31505" - }, - { - "name" : "ADV-2008-2710", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2710" - }, - { - "name" : "1020956", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020956" - }, - { - "name" : "31925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31925" - }, - { - "name" : "flip4mac-multiple-unspecified(45187)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flip4mac-multiple-unspecified(45187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45187" + }, + { + "name": "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf", + "refsource": "CONFIRM", + "url": "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf" + }, + { + "name": "31505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31505" + }, + { + "name": "31925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31925" + }, + { + "name": "1020956", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020956" + }, + { + "name": "ADV-2008-2710", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2710" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4911.json b/2008/4xxx/CVE-2008-4911.json index 92b4386e9b8..17451cab9c7 100644 --- a/2008/4xxx/CVE-2008-4911.json +++ b/2008/4xxx/CVE-2008-4911.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080415 remote file include", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-04/0196.html" - }, - { - "name" : "28797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28797" - }, - { - "name" : "istantreplay-read-file-include(41844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080415 remote file include", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-04/0196.html" + }, + { + "name": "28797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28797" + }, + { + "name": "istantreplay-read-file-include(41844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41844" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4930.json b/2008/4xxx/CVE-2008-4930.json index cd206a2ede8..5de4e4b22d1 100644 --- a/2008/4xxx/CVE-2008-4930.json +++ b/2008/4xxx/CVE-2008-4930.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" - }, - { - "name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" - }, - { - "name" : "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/01/2" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" + }, + { + "name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" + }, + { + "name": "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/01/2" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6181.json b/2008/6xxx/CVE-2008-6181.json index b6d85ed4b87..06a318dfe3d 100644 --- a/2008/6xxx/CVE-2008-6181.json +++ b/2008/6xxx/CVE-2008-6181.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6724", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6724" - }, - { - "name" : "http://www.mad4media.de/mad4joomla-mailforms-faq.html", - "refsource" : "CONFIRM", - "url" : "http://www.mad4media.de/mad4joomla-mailforms-faq.html" - }, - { - "name" : "http://www.mad4media.de/mad4joomla-mailforms.html", - "refsource" : "CONFIRM", - "url" : "http://www.mad4media.de/mad4joomla-mailforms.html" - }, - { - "name" : "31712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31712" - }, - { - "name" : "32239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32239" - }, - { - "name" : "mad4joomla-index-sql-injection(45815)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mad4media.de/mad4joomla-mailforms.html", + "refsource": "CONFIRM", + "url": "http://www.mad4media.de/mad4joomla-mailforms.html" + }, + { + "name": "32239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32239" + }, + { + "name": "6724", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6724" + }, + { + "name": "http://www.mad4media.de/mad4joomla-mailforms-faq.html", + "refsource": "CONFIRM", + "url": "http://www.mad4media.de/mad4joomla-mailforms-faq.html" + }, + { + "name": "mad4joomla-index-sql-injection(45815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45815" + }, + { + "name": "31712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31712" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6374.json b/2008/6xxx/CVE-2008-6374.json index 99b52adbc7b..eb8ecac3a58 100644 --- a/2008/6xxx/CVE-2008-6374.json +++ b/2008/6xxx/CVE-2008-6374.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7325", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7325" - }, - { - "name" : "33000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33000" - }, - { - "name" : "mailinglistpro-mailinglist-info-disclosure(47018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to 
obtain sensitive information via a direct request to db/MailingList.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mailinglistpro-mailinglist-info-disclosure(47018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47018" + }, + { + "name": "33000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33000" + }, + { + "name": "7325", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7325" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6426.json b/2008/6xxx/CVE-2008-6426.json index e557aa0614e..400ff7f2963 100644 --- a/2008/6xxx/CVE-2008-6426.json +++ b/2008/6xxx/CVE-2008-6426.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6426", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-6426", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6429.json b/2008/6xxx/CVE-2008-6429.json index 55ea7f5175e..cb92918571c 100644 --- a/2008/6xxx/CVE-2008-6429.json +++ b/2008/6xxx/CVE-2008-6429.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5708", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5708" - }, - { - "name" : "45856", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45856" - }, - { - "name" : "30493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30493" - }, - { - "name" : "prayercenter-index2-sql-injection(42772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and 
earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "prayercenter-index2-sql-injection(42772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42772" + }, + { + "name": "5708", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5708" + }, + { + "name": "45856", + "refsource": "OSVDB", + "url": "http://osvdb.org/45856" + }, + { + "name": "30493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30493" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6966.json b/2008/6xxx/CVE-2008-6966.json index 2e7f6090828..0803a04aa21 100644 --- a/2008/6xxx/CVE-2008-6966.json +++ b/2008/6xxx/CVE-2008-6966.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7087", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7087" - }, - { - "name" : "32243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32243" - }, - { - "name" : "ajauction-admin-authentication-bypass(46528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ajauction-admin-authentication-bypass(46528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46528" + }, + { + "name": "7087", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7087" + }, + { + "name": "32243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32243" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2255.json b/2013/2xxx/CVE-2013-2255.json index a860efa1a0f..71730bed11a 100644 --- a/2013/2xxx/CVE-2013-2255.json +++ b/2013/2xxx/CVE-2013-2255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2340.json b/2013/2xxx/CVE-2013-2340.json index 5c3958ffe61..a32fac8dc7f 100644 --- a/2013/2xxx/CVE-2013-2340.json +++ b/2013/2xxx/CVE-2013-2340.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF02888", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969" - }, - { - "name" : "SSRT100917", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 
658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100917", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969" + }, + { + "name": "HPSBHF02888", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2467.json b/2013/2xxx/CVE-2013-2467.json index b9ac7a1a2ff..5c6ee8c450e 100644 --- a/2013/2xxx/CVE-2013-2467.json +++ b/2013/2xxx/CVE-2013-2467.json 
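Review bot: The new `"ASSIGNER": "hp-security-alert@hp.com"` line is the only substantive change in this hunk, yet `affects` still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, so the record names a vendor assigner while its structured fields identify no vendor or product. Tooling that matches an asset inventory on `vendor_name`/`product_name` will not find this entry and has to fall back to the free-text description, which does list the HP ProCurve, 3COM and H3C devices. If the sync source has the data, populating the field (presumably `"vendor_name": "HP"`, going by the description) would make the record matchable. The CVE-2013-2467 hunk that follows has the same shape: ASSIGNER changes to `secalert_us@oracle.com` while `affects` stays at `n/a`. Every other line in both hunks is only re-spaced or reordered, so these assigner changes are easy to miss in review.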
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "oval:org.mitre.oval:def:17014", - "refsource" : 
"OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17014" - }, - { - "name" : "oval:org.mitre.oval:def:19512", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19512" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17014", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17014" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "oval:org.mitre.oval:def:19512", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19512" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2476.json b/2013/2xxx/CVE-2013-2476.json index af971c0f8fc..8552b60770e 100644 --- a/2013/2xxx/CVE-2013-2476.json +++ b/2013/2xxx/CVE-2013-2476.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" - }, - { - "name" : 
"http://www.wireshark.org/security/wnpa-sec-2013-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-11.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360" - }, - { - "name" : "openSUSE-SU-2013:0494", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" - }, - { - "name" : "openSUSE-SU-2013:0506", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" - }, - { - "name" : "oval:org.mitre.oval:def:15838", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15838" - }, - { - "name" : "52471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0494", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-11.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-11.html" + }, + { + "name": "52471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52471" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" + }, + { + "name": "openSUSE-SU-2013:0506", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360" + }, + { + "name": "oval:org.mitre.oval:def:15838", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15838" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2971.json b/2013/2xxx/CVE-2013-2971.json index 20abc96989c..9ab3a6feaff 100644 --- a/2013/2xxx/CVE-2013-2971.json +++ b/2013/2xxx/CVE-2013-2971.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2971", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2971", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6662.json b/2013/6xxx/CVE-2013-6662.json index 7cbe73c2481..bfe4a0cf3c1 100644 --- a/2013/6xxx/CVE-2013-6662.json +++ b/2013/6xxx/CVE-2013-6662.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome caches TLS sessions before certificate validation occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=305220", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=305220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome caches TLS sessions before certificate validation occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=305220", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=305220" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11326.json b/2017/11xxx/CVE-2017-11326.json index 85fd81bdd33..6539589a44d 100644 --- a/2017/11xxx/CVE-2017-11326.json +++ b/2017/11xxx/CVE-2017-11326.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11462.json b/2017/11xxx/CVE-2017-11462.json index dcec65ef9c4..d2f43e301b7 100644 --- a/2017/11xxx/CVE-2017-11462.json +++ b/2017/11xxx/CVE-2017-11462.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1488873" - }, - { - "name" : "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf" - }, - { - "name" : "FEDORA-2017-10c74147f9", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598" + }, + { + "name": "FEDORA-2017-10c74147f9", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11480.json b/2017/11xxx/CVE-2017-11480.json index 9376c7837c0..6177c3d3267 100644 --- a/2017/11xxx/CVE-2017-11480.json +++ b/2017/11xxx/CVE-2017-11480.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-11480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Packetbeat", - "version" : { - "version_data" : [ - { - "version_value" : "before 5.6.4" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-404: Improper Resource Shutdown or Release" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-11480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Packetbeat", + "version": { + "version_data": [ + { + "version_value": "before 5.6.4" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. 
If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404: Improper Resource Shutdown or Release" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14120.json b/2017/14xxx/CVE-2017-14120.json index efae1fe2245..c5b8af8155b 100644 --- a/2017/14xxx/CVE-2017-14120.json +++ b/2017/14xxx/CVE-2017-14120.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/08/20/1", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/20/1" - }, - { - "name" : "https://bugs.debian.org/874059", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/874059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/874059", + "refsource": "MISC", + "url": "https://bugs.debian.org/874059" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/08/20/1", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/08/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14255.json b/2017/14xxx/CVE-2017-14255.json index 84c6cc2d520..fe0720b5132 100644 --- a/2017/14xxx/CVE-2017-14255.json +++ b/2017/14xxx/CVE-2017-14255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14492.json b/2017/14xxx/CVE-2017-14492.json index 2f91a2b84ff..53f9964faac 100644 --- a/2017/14xxx/CVE-2017-14492.json +++ b/2017/14xxx/CVE-2017-14492.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42942", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42942/" - }, - { - "name" : "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" - }, - { - "name" : "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" - }, - { - "name" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" - }, - { - "name" : 
"http://thekelleys.org.uk/dnsmasq/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG" - }, - { - "name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10", - "refsource" : "CONFIRM", - "url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/3199382", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/3199382" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" - }, - { - "name" : "DSA-3989", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3989" - }, - { - "name" : "GLSA-201710-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-27" - }, - { - "name" : "RHSA-2017:2836", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2836" - }, - { - "name" : "RHSA-2017:2837", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2837" - }, - { - "name" : "openSUSE-SU-2017:2633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" - }, - { - "name" : "USN-3430-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3430-1" - }, - { - "name" : "USN-3430-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3430-2" - }, - { - 
"name" : "VU#973527", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/973527" - }, - { - "name" : "101085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101085" - }, - { - "name" : "1039474", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039474", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039474" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" + }, + { + "name": "DSA-3989", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3989" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/3199382", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/3199382" + }, + { + "name": "101085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101085" + }, + { + "name": "USN-3430-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3430-1" + }, + { + "name": "VU#973527", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/973527" + }, + { + "name": "GLSA-201710-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-27" + }, + { + "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10", + 
"refsource": "CONFIRM", + "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10" + }, + { + "name": "USN-3430-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3430-2" + }, + { + "name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" + }, + { + "name": "42942", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42942/" + }, + { + "name": "RHSA-2017:2836", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2836" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" + }, + { + "name": "RHSA-2017:2837", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2837" + }, + { + "name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG" + }, + { + "name": "openSUSE-SU-2017:2633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" + }, + { + "name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" + }, + { + "name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/14xxx/CVE-2017-14558.json b/2017/14xxx/CVE-2017-14558.json index f19e601de2c..f2bfaa23c54 100644 --- a/2017/14xxx/CVE-2017-14558.json +++ b/2017/14xxx/CVE-2017-14558.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a \"User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a \"User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + 
] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14665.json b/2017/14xxx/CVE-2017-14665.json index 2ac64c8ba40..e34303afa6e 100644 --- a/2017/14xxx/CVE-2017-14665.json +++ b/2017/14xxx/CVE-2017-14665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14665", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14665", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15158.json b/2017/15xxx/CVE-2017-15158.json index 0f86a5df435..aa5f6afeede 100644 --- a/2017/15xxx/CVE-2017-15158.json +++ b/2017/15xxx/CVE-2017-15158.json 
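Review bot: The CVE-2017-14665 record is written with a different key order from the other records in this commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, while the neighbouring CVE-2017-14255 and CVE-2017-15158 hunks keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON parsers ignore key order, so the content is equivalent. The difference does suggest that a second serializer produced this file (not visible from the diff), and any consumer that hashes or byte-compares records would treat it as changed. I would emit it like its siblings, starting `"CVE_data_meta": {` then `"ASSIGNER": "cve@mitre.org",` then `"ID": "CVE-2017-14665",`, or sort keys in one place for every record.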
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15158", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15158", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15188.json b/2017/15xxx/CVE-2017-15188.json index 29be50cf882..cd355196775 100644 --- a/2017/15xxx/CVE-2017-15188.json +++ b/2017/15xxx/CVE-2017-15188.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS", - "refsource" : "MISC", - "url" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS", + "refsource": "MISC", + "url": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15308.json b/2017/15xxx/CVE-2017-15308.json index b3ecb9569f2..eacda335adc 100644 --- a/2017/15xxx/CVE-2017-15308.json +++ b/2017/15xxx/CVE-2017-15308.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-20T00:00:00", - "ID" : "CVE-2017-15308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iReader", - "version" : { - "version_data" : [ - { - "version_value" : "before 8.0.2.301" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "input validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-20T00:00:00", + "ID": "CVE-2017-15308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iReader", + "version": { + "version_data": [ + { + "version_value": "before 8.0.2.301" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9192.json b/2017/9xxx/CVE-2017-9192.json index be62744634b..61c337825f7 100644 --- a/2017/9xxx/CVE-2017-9192.json +++ b/2017/9xxx/CVE-2017-9192.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9722.json b/2017/9xxx/CVE-2017-9722.json index 864f6daa438..5b442012ef6 100644 --- a/2017/9xxx/CVE-2017-9722.json +++ b/2017/9xxx/CVE-2017-9722.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-9722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in Display" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-9722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in Display" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9801.json b/2017/9xxx/CVE-2017-9801.json index 583d91b1e1d..676dc247ea6 100644 --- a/2017/9xxx/CVE-2017-9801.json +++ b/2017/9xxx/CVE-2017-9801.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-08-01T00:00:00", - "ID" : "CVE-2017-9801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Commons Email", - "version" : { - "version_data" : [ - { - "version_value" : "1.0 to 1.4" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SMTP header injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-08-01T00:00:00", + "ID": "CVE-2017-9801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Commons Email", + "version": { + "version_data": [ + { + "version_value": "1.0 to 1.4" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3E" - }, - { - "name" : "100082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100082" - }, - { - "name" : "1039043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SMTP header injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3E" + }, + { + "name": "1039043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039043" + }, + { + "name": "100082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100082" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9819.json b/2017/9xxx/CVE-2017-9819.json index 50c28d3cb0c..a9046f92860 100644 --- a/2017/9xxx/CVE-2017-9819.json +++ b/2017/9xxx/CVE-2017-9819.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf", - "refsource" : "MISC", - "url" : "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf", + "refsource": "MISC", + "url": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9992.json b/2017/9xxx/CVE-2017-9992.json index 3c5a1251117..238910b1030 100644 --- a/2017/9xxx/CVE-2017-9992.json +++ b/2017/9xxx/CVE-2017-9992.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360", - "refsource" : "MISC", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360" - }, - { - "name" : "DSA-4012", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4012" - }, - { - "name" : "99319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99319" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360", + "refsource": "MISC", + "url": "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360" + }, + { + "name": "99319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99319" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345" + }, + { + "name": "DSA-4012", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4012" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0097.json b/2018/0xxx/CVE-2018-0097.json index 61e5759bb48..b6af4ea9044 100644 --- a/2018/0xxx/CVE-2018-0097.json +++ b/2018/0xxx/CVE-2018-0097.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Infrastructure", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Infrastructure" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-601" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Infrastructure", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Infrastructure" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure" - }, - { - "name" : "102724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102724" - }, - { - "name" : "1040243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure" + }, + { + "name": "102724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102724" + }, + { + "name": "1040243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040243" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000060.json b/2018/1000xxx/CVE-2018-1000060.json index 36a6f76313a..86d1a45a92c 100644 --- a/2018/1000xxx/CVE-2018-1000060.json +++ b/2018/1000xxx/CVE-2018-1000060.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/6/2018 17:07:21", - "ID" : "CVE-2018-1000060", - "REQUESTER" : "justin@sensu.io", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sensu Core", - "version" : { - "version_data" : [ - { - "version_value" : "Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b" - } - ] - } - } - ] - }, - "vendor_name" : "Sensu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/6/2018 17:07:21", + "ID": "CVE-2018-1000060", + "REQUESTER": "justin@sensu.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sensu/sensu/issues/1804", - "refsource" : "CONFIRM", - "url" : "https://github.com/sensu/sensu/issues/1804" - }, - { - "name" : "https://github.com/sensu/sensu/pull/1810", - "refsource" : "CONFIRM", - "url" : "https://github.com/sensu/sensu/pull/1810" - }, - { - "name" : "RHSA-2018:0616", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0616" - }, - { - "name" : "RHSA-2018:1112", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1112" - }, - { - "name" : "RHSA-2018:1606", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sensu/sensu/pull/1810", + "refsource": "CONFIRM", + "url": "https://github.com/sensu/sensu/pull/1810" + }, + { + "name": "RHSA-2018:0616", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0616" + }, + { + "name": "https://github.com/sensu/sensu/issues/1804", + "refsource": "CONFIRM", + "url": "https://github.com/sensu/sensu/issues/1804" + }, + { + "name": "RHSA-2018:1606", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1606" + }, + { + "name": "RHSA-2018:1112", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1112" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000511.json b/2018/1000xxx/CVE-2018-1000511.json index 79f06c39209..45083a585b3 100644 --- a/2018/1000xxx/CVE-2018-1000511.json +++ b/2018/1000xxx/CVE-2018-1000511.json 
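Review bot: Machine-readable vendor, product, version and CWE data is lost on the new side of this record, where `product_name`, `version_value`, `vendor_name` and the `problemtype` value all become `"n/a"` and `ASSIGNER` is rewritten to `cve@mitre.org`. The unchanged description still names Sensu Core before 1.2.0 and CWE-522, so tooling that matches on the structured fields would stop associating this CVE with the product while the free text still does. Unless the sync is meant to drop the previously recorded data, keep the earlier values, e.g. `"product_name": "Sensu Core"`, `"vendor_name": "Sensu, Inc."` and `"value": "CWE-522"`. The CVE-2018-1000511 hunk that follows shows the same regression (WP ULike, `"Incorrect Access Control"`).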
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.012591", - "DATE_REQUESTED" : "2018-06-07T20:50:47", - "ID" : "CVE-2018-1000511", - "REQUESTER" : "tom@dxw.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WP ULike", - "version" : { - "version_data" : [ - { - "version_value" : "2.8.1,3.1" - } - ] - } - } - ] - }, - "vendor_name" : "WP ULike" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.012591", + "DATE_REQUESTED": "2018-06-07T20:50:47", + "ID": "CVE-2018-1000511", + "REQUESTER": "tom@dxw.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/", - "refsource" : "MISC", - "url" : "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WP ULike version 
2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/", + "refsource": "MISC", + "url": "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12012.json b/2018/12xxx/CVE-2018-12012.json index cb38502218f..f3957255917 100644 --- a/2018/12xxx/CVE-2018-12012.json +++ b/2018/12xxx/CVE-2018-12012.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12012", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12012", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/12xxx/CVE-2018-12298.json b/2018/12xxx/CVE-2018-12298.json index d14006a4391..b80b9f0183a 100644 --- a/2018/12xxx/CVE-2018-12298.json +++ b/2018/12xxx/CVE-2018-12298.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12298", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12298", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16053.json b/2018/16xxx/CVE-2018-16053.json index b17dc894944..208a1bce367 100644 --- a/2018/16xxx/CVE-2018-16053.json +++ b/2018/16xxx/CVE-2018-16053.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16053", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16053", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16146.json b/2018/16xxx/CVE-2018-16146.json index 819357913ab..963f57d00d0 100644 --- a/2018/16xxx/CVE-2018-16146.json +++ b/2018/16xxx/CVE-2018-16146.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/3" - }, - { - "name" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities" - }, - { - "name" : "https://knowledge.opsview.com/v5.4/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.4/docs/whats-new" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://knowledge.opsview.com/v5.4/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" + }, + { + "name": "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/3" + }, + { + "name": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16165.json b/2018/16xxx/CVE-2018-16165.json index ad3a8263439..3090e04c295 100644 --- a/2018/16xxx/CVE-2018-16165.json +++ b/2018/16xxx/CVE-2018-16165.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LogonTracer", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "JPCERT Coordination Center" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LogonTracer", + "version": { + "version_data": [ + { + "version_value": "1.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "JPCERT Coordination Center" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1", - "refsource" : "MISC", - "url" : "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" - }, - { - "name" : "https://jvn.jp/en/vu/JVNVU98026636/index.html", - "refsource" : "MISC", - "url" : "https://jvn.jp/en/vu/JVNVU98026636/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1", + "refsource": "MISC", + "url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" + }, + { + "name": "https://jvn.jp/en/vu/JVNVU98026636/index.html", + "refsource": "MISC", + "url": "https://jvn.jp/en/vu/JVNVU98026636/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16471.json b/2018/16xxx/CVE-2018-16471.json index 5364ad3865d..ed3feb912e4 100644 --- a/2018/16xxx/CVE-2018-16471.json +++ b/2018/16xxx/CVE-2018-16471.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rack", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.6, 1.6.11" - } - ] - } - } - ] - }, - "vendor_name" : "Rack" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Stored (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rack", + "version": { + "version_data": [ + { + "version_value": "2.0.6, 1.6.11" + } + ] + } + } + ] + }, + "vendor_name": "Rack" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html" - }, - { - "name" : "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag" + }, + { + "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16592.json b/2018/16xxx/CVE-2018-16592.json index 7f3dd0ca349..450c6affe47 100644 --- a/2018/16xxx/CVE-2018-16592.json +++ b/2018/16xxx/CVE-2018-16592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/4xxx/CVE-2018-4259.json b/2018/4xxx/CVE-2018-4259.json index c4522d604f9..a0c8b4fce4d 100644 --- a/2018/4xxx/CVE-2018-4259.json +++ b/2018/4xxx/CVE-2018-4259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4319.json b/2018/4xxx/CVE-2018-4319.json index 807949c9c7f..3c7211d6058 100644 --- a/2018/4xxx/CVE-2018-4319.json +++ b/2018/4xxx/CVE-2018-4319.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4364.json b/2018/4xxx/CVE-2018-4364.json index 8613afb5c4a..77d4b35d070 100644 --- a/2018/4xxx/CVE-2018-4364.json +++ b/2018/4xxx/CVE-2018-4364.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4364", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4364", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4748.json b/2018/4xxx/CVE-2018-4748.json index d0432921e6b..e7a5e9160b2 100644 --- a/2018/4xxx/CVE-2018-4748.json +++ b/2018/4xxx/CVE-2018-4748.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4930.json b/2018/4xxx/CVE-2018-4930.json index fbb83fea13c..cb45f3582d4 100644 --- a/2018/4xxx/CVE-2018-4930.json +++ b/2018/4xxx/CVE-2018-4930.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager AEM 6.3 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Experience Manager AEM 6.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager AEM 6.3 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Experience Manager AEM 6.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html" - }, - { - "name" : "103706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting 
vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103706" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4931.json b/2018/4xxx/CVE-2018-4931.json index af2ce0c8a0e..46002908cd8 100644 --- a/2018/4xxx/CVE-2018-4931.json +++ b/2018/4xxx/CVE-2018-4931.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager AEM 6.1 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Experience Manager AEM 6.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager AEM 6.1 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Experience Manager AEM 6.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html" - }, - { - "name" : "103709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.1 and earlier have an exploitable stored 
cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103709" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html" + } + ] + } +} \ No newline at end of file