From 305e4055c10d9defd939896284c0a19882be0505 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:23:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0432.json | 180 ++++++++--------- 2003/0xxx/CVE-2003-0731.json | 130 ++++++------ 2003/0xxx/CVE-2003-0805.json | 140 ++++++------- 2003/1xxx/CVE-2003-1196.json | 150 +++++++------- 2003/1xxx/CVE-2003-1237.json | 140 ++++++------- 2004/0xxx/CVE-2004-0121.json | 210 ++++++++++---------- 2004/0xxx/CVE-2004-0701.json | 150 +++++++------- 2004/0xxx/CVE-2004-0864.json | 34 ++-- 2004/0xxx/CVE-2004-0884.json | 250 +++++++++++------------ 2004/1xxx/CVE-2004-1102.json | 150 +++++++------- 2004/2xxx/CVE-2004-2129.json | 140 ++++++------- 2004/2xxx/CVE-2004-2398.json | 140 ++++++------- 2004/2xxx/CVE-2004-2468.json | 150 +++++++------- 2004/2xxx/CVE-2004-2511.json | 240 +++++++++++----------- 2008/2xxx/CVE-2008-2007.json | 34 ++-- 2008/2xxx/CVE-2008-2336.json | 150 +++++++------- 2008/2xxx/CVE-2008-2476.json | 350 ++++++++++++++++----------------- 2008/6xxx/CVE-2008-6081.json | 140 ++++++------- 2008/6xxx/CVE-2008-6967.json | 170 ++++++++-------- 2012/1xxx/CVE-2012-1084.json | 150 +++++++------- 2012/1xxx/CVE-2012-1685.json | 150 +++++++------- 2012/1xxx/CVE-2012-1919.json | 150 +++++++------- 2012/5xxx/CVE-2012-5076.json | 210 ++++++++++---------- 2012/5xxx/CVE-2012-5082.json | 160 +++++++-------- 2012/5xxx/CVE-2012-5512.json | 250 +++++++++++------------ 2012/5xxx/CVE-2012-5674.json | 140 ++++++------- 2012/5xxx/CVE-2012-5716.json | 34 ++-- 2012/5xxx/CVE-2012-5784.json | 180 ++++++++--------- 2017/11xxx/CVE-2017-11048.json | 132 ++++++------- 2017/11xxx/CVE-2017-11051.json | 130 ++++++------ 2017/11xxx/CVE-2017-11131.json | 120 +++++------ 2017/11xxx/CVE-2017-11164.json | 130 ++++++------ 2017/3xxx/CVE-2017-3440.json | 152 +++++++------- 2017/3xxx/CVE-2017-3526.json | 248 +++++++++++------------ 2017/3xxx/CVE-2017-3638.json | 152 +++++++------- 2017/7xxx/CVE-2017-7149.json | 170 ++++++++-------- 2017/7xxx/CVE-2017-7381.json | 130 ++++++------ 2017/7xxx/CVE-2017-7573.json | 34 ++-- 2017/8xxx/CVE-2017-8126.json | 122 ++++++------ 2017/8xxx/CVE-2017-8377.json | 120 +++++------ 2017/8xxx/CVE-2017-8430.json | 34 ++-- 2017/8xxx/CVE-2017-8529.json | 130 ++++++------ 2017/8xxx/CVE-2017-8949.json | 142 ++++++------- 2018/10xxx/CVE-2018-10259.json | 130 ++++++------ 2018/10xxx/CVE-2018-10295.json | 120 +++++------ 2018/10xxx/CVE-2018-10418.json | 34 ++-- 2018/10xxx/CVE-2018-10616.json | 142 ++++++------- 2018/12xxx/CVE-2018-12078.json | 120 +++++------ 2018/12xxx/CVE-2018-12091.json | 34 ++-- 2018/12xxx/CVE-2018-12817.json | 130 ++++++------ 2018/12xxx/CVE-2018-12878.json | 140 ++++++------- 2018/13xxx/CVE-2018-13054.json | 140 ++++++------- 2018/13xxx/CVE-2018-13634.json | 130 ++++++------ 2018/13xxx/CVE-2018-13937.json | 34 ++-- 2018/17xxx/CVE-2018-17015.json | 120 +++++------ 2018/17xxx/CVE-2018-17128.json | 130 ++++++------ 2018/17xxx/CVE-2018-17394.json | 130 ++++++------ 2018/17xxx/CVE-2018-17399.json | 34 ++-- 58 files changed, 3993 insertions(+), 3993 deletions(-) diff --git a/2003/0xxx/CVE-2003-0432.json b/2003/0xxx/CVE-2003-0432.json index 30a9bc3b5e4..6dc92e490e0 100644 --- a/2003/0xxx/CVE-2003-0432.json +++ b/2003/0xxx/CVE-2003-0432.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html" - }, - { - "name" : "DSA-324", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-324" - }, - { - "name" : "CLA-2003:662", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662" - }, - { - "name" : "RHSA-2003:077", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html" - }, - { - "name" : "CSSA-2003-030.0", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt" - }, - { - "name" : "9007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9007" - }, - { - "name" : "oval:org.mitre.oval:def:106", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2003-030.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt" + }, + { + "name": "oval:org.mitre.oval:def:106", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106" + }, + { + "name": "RHSA-2003:077", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-077.html" + }, + { + "name": "CLA-2003:662", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662" + }, + { + "name": "DSA-324", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-324" + }, + { + "name": "9007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9007" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0731.json b/2003/0xxx/CVE-2003-0731.json index 83f408b5fce..60ff26c543d 100644 --- a/2003/0xxx/CVE-2003-0731.json +++ b/2003/0xxx/CVE-2003-0731.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030813 CiscoWorks Application Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml" - }, - { - "name" : "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/333028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/333028" + }, + { + "name": "20030813 CiscoWorks Application Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0805.json b/2003/0xxx/CVE-2003-0805.json index d18f2cddf69..c0e7911dde6 100644 --- a/2003/0xxx/CVE-2003-0805.json +++ b/2003/0xxx/CVE-2003-0805.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105804485302211&w=2" - }, - { - "name" : "20030818 FW: [gopher] UMN Gopher 3.0.6 released", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106123498310717&w=2" - }, - { - "name" : "DSA-387", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105804485302211&w=2" + }, + { + "name": "20030818 FW: [gopher] UMN Gopher 3.0.6 released", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106123498310717&w=2" + }, + { + "name": "DSA-387", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-387" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1196.json b/2003/1xxx/CVE-2003-1196.json index 000c864e26b..26a767df9e6 100644 --- a/2003/1xxx/CVE-2003-1196.json +++ b/2003/1xxx/CVE-2003-1196.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1", - "refsource" : "CONFIRM", - "url" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1" - }, - { - "name" : "8967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8967" - }, - { - "name" : "2789", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2789" - }, - { - "name" : "vieboard-viewtopic-sql-injection(13629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1", + "refsource": "CONFIRM", + "url": "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1" + }, + { + "name": "8967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8967" + }, + { + "name": "2789", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2789" + }, + { + "name": "vieboard-viewtopic-sql-injection(13629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13629" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1237.json b/2003/1xxx/CVE-2003-1237.json index 27e144503bb..cc005d02e10 100644 --- a/2003/1xxx/CVE-2003-1237.json +++ b/2003/1xxx/CVE-2003-1237.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html" - }, - { - "name" : "6918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6918" - }, - { - "name" : "wwwboard-message-xss(11383)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11383.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html" + }, + { + "name": "wwwboard-message-xss(11383)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11383.php" + }, + { + "name": "6918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6918" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0121.json b/2004/0xxx/CVE-2004-0121.json index 8e9447a23dc..e460490b2f3 100644 --- a/2004/0xxx/CVE-2004-0121.json +++ b/2004/0xxx/CVE-2004-0121.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040309 Microsoft Outlook \"mailto:\" Parameter Passing Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities" - }, - { - "name" : "20040310 Outlook mailto: URL argument injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107893704602842&w=2" - }, - { - "name" : "MS04-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009" - }, - { - "name" : "TA04-070A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-070A.html" - }, - { - "name" : "VU#305206", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/305206" - }, - { - "name" : "O-096", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-096.shtml" - }, - { - "name" : "9827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9827" - }, - { - "name" : "oval:org.mitre.oval:def:843", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843" - }, - { - "name" : "outlook-mailtourl-execute-code(15414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15414" - }, - { - "name" : "outlook-ms04009-patch(15429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA04-070A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-070A.html" + }, + { + "name": "MS04-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009" + }, + { + "name": "VU#305206", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/305206" + }, + { + "name": "outlook-mailtourl-execute-code(15414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15414" + }, + { + "name": "outlook-ms04009-patch(15429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15429" + }, + { + "name": "oval:org.mitre.oval:def:843", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843" + }, + { + "name": "O-096", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-096.shtml" + }, + { + "name": "9827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9827" + }, + { + "name": "20040309 Microsoft Outlook \"mailto:\" Parameter Passing Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities" + }, + { + "name": "20040310 Outlook mailto: URL argument injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107893704602842&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0701.json b/2004/0xxx/CVE-2004-0701.json index 43515b05cc9..9666b8b4c65 100644 --- a/2004/0xxx/CVE-2004-0701.json +++ b/2004/0xxx/CVE-2004-0701.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "53922", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53922" - }, - { - "name" : "VU#100780", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/100780" - }, - { - "name" : "7457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7457" - }, - { - "name" : "sun-ray-session-access(11905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7457" + }, + { + "name": "sun-ray-session-access(11905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11905" + }, + { + "name": "VU#100780", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/100780" + }, + { + "name": "53922", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53922" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0864.json b/2004/0xxx/CVE-2004-0864.json index b842aa666b5..cc0b39216cb 100644 --- a/2004/0xxx/CVE-2004-0864.json +++ b/2004/0xxx/CVE-2004-0864.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0864", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0864", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0884.json b/2004/0xxx/CVE-2004-0884.json index e277177161a..98681a4393b 100644 --- a/2004/0xxx/CVE-2004-0884.json +++ b/2004/0xxx/CVE-2004-0884.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-03-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" - }, - { - "name" : "DSA-563", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-563" - }, - { - "name" : "DSA-568", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-568" - }, - { - "name" : "FLSA:2137", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2137" - }, - { - "name" : "GLSA-200410-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml" - }, - { - "name" : "MDKSA-2004:106", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:106" - }, - { - "name" : "RHSA-2004:546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-546.html" - }, - { - "name" : "2004-0053", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0053/" - }, - { - "name" : "20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110693126007214&w=2" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657" - }, - { - "name" : "P-003", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-003.shtml" - }, - { - "name" : "11347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11347" - }, - { - "name" : "oval:org.mitre.oval:def:11678", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678" - }, - { - "name" : "cyrus-sasl-saslpath(17643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657" + }, + { + "name": "20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110693126007214&w=2" + }, + { + "name": "2004-0053", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0053/" + }, + { + "name": "P-003", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-003.shtml" + }, + { + "name": "MDKSA-2004:106", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:106" + }, + { + "name": "DSA-568", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-568" + }, + { + "name": "FLSA:2137", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2137" + }, + { + "name": "DSA-563", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-563" + }, + { + "name": "cyrus-sasl-saslpath(17643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17643" + }, + { + "name": "oval:org.mitre.oval:def:11678", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678" + }, + { + "name": "APPLE-SA-2005-03-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" + }, + { + "name": "11347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11347" + }, + { + "name": "GLSA-200410-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml" + }, + { + "name": "RHSA-2004:546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-546.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1102.json b/2004/1xxx/CVE-2004-1102.json index ede1e8e958b..060c622f846 100644 --- a/2004/1xxx/CVE-2004-1102.json +++ b/2004/1xxx/CVE-2004-1102.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.procheckup.com/security_info/vuln_pr0408.html", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/security_info/vuln_pr0408.html" - }, - { - "name" : "VU#306086", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/306086" - }, - { - "name" : "11599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11599" - }, - { - "name" : "mailpost-get-info-disclosure(17954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11599" + }, + { + "name": "http://www.procheckup.com/security_info/vuln_pr0408.html", + "refsource": "MISC", + "url": "http://www.procheckup.com/security_info/vuln_pr0408.html" + }, + { + "name": "VU#306086", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/306086" + }, + { + "name": "mailpost-get-info-disclosure(17954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17954" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2129.json b/2004/2xxx/CVE-2004-2129.json index 5a7d3f20398..5ce36b98924 100644 --- a/2004/2xxx/CVE-2004-2129.json +++ b/2004/2xxx/CVE-2004-2129.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040128 Denial Of Service in SurfNOW 2.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107530924723559&w=2" - }, - { - "name" : "9519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9519" - }, - { - "name" : "surfnow-get-dos(14976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9519" + }, + { + "name": "20040128 Denial Of Service in SurfNOW 2.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107530924723559&w=2" + }, + { + "name": "surfnow-get-dos(14976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14976" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2398.json b/2004/2xxx/CVE-2004-2398.json index e5fef4ac751..b6f7a448474 100644 --- a/2004/2xxx/CVE-2004-2398.json +++ b/2004/2xxx/CVE-2004-2398.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html" - }, - { - "name" : "10390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10390" - }, - { - "name" : "cpanel-fantastico-obtain-information(16197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpanel-fantastico-obtain-information(16197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197" + }, + { + "name": "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html" + }, + { + "name": "10390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10390" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2468.json b/2004/2xxx/CVE-2004-2468.json index 69bd7e02bda..db70efd1ca8 100644 --- a/2004/2xxx/CVE-2004-2468.json +++ b/2004/2xxx/CVE-2004-2468.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4755", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4755" - }, - { - "name" : "1009598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Mar/1009598.html" - }, - { - "name" : "11260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11260" - }, - { - "name" : "sillysearch-search-xss(15683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11260" + }, + { + "name": "sillysearch-search-xss(15683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15683" + }, + { + "name": "1009598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Mar/1009598.html" + }, + { + "name": "4755", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4755" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2511.json b/2004/2xxx/CVE-2004-2511.json index 8c3bb550665..a71d39a6b29 100644 --- a/2004/2xxx/CVE-2004-2511.json +++ b/2004/2xxx/CVE-2004-2511.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html" - }, - { - "name" : "11338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11338" - }, - { - "name" : "11339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11339" - }, - { - "name" : "10585", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10585" - }, - { - "name" : "10587", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10587" - }, - { - "name" : "10588", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10588" - }, - { - "name" : "10589", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10589" - }, - { - "name" : "10590", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10590" - }, - { - "name" : "11405", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11405" - }, - { - "name" : "1006351", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1006351" - }, - { - "name" : "12751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12751" - }, - { - "name" : "dcpportal-get-xss(17638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638" - }, - { - "name" : "dcpportal-post-xss(17639)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11338" + }, + { + "name": "10587", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10587" + }, + { + "name": "dcpportal-post-xss(17639)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639" + }, + { + "name": "10588", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10588" + }, + { + "name": "1006351", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1006351" + }, + { + "name": "10589", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10589" + }, + { + "name": "11339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11339" + }, + { + "name": "12751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12751" + }, + { + "name": "10585", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10585" + }, + { + "name": "10590", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10590" + }, + { + "name": "11405", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11405" + }, + { + "name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html" + }, + { + "name": "dcpportal-get-xss(17638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2007.json b/2008/2xxx/CVE-2008-2007.json index f333bfafbe1..27c67ed83cf 100644 --- a/2008/2xxx/CVE-2008-2007.json +++ b/2008/2xxx/CVE-2008-2007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2007", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-2007", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2336.json b/2008/2xxx/CVE-2008-2336.json index 3b68c9fa315..305630499b7 100644 --- a/2008/2xxx/CVE-2008-2336.json +++ b/2008/2xxx/CVE-2008-2336.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5626", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5626" - }, - { - "name" : "29249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29249" - }, - { - "name" : "30273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30273" - }, - { - "name" : "68classifieds-category-sql-injection(42465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5626", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5626" + }, + { + "name": "30273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30273" + }, + { + "name": "68classifieds-category-sql-injection(42465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42465" + }, + { + "name": "29249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29249" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2476.json b/2008/2xxx/CVE-2008-2476.json index 301ae0cb75a..d49ffd6f521 100644 --- a/2008/2xxx/CVE-2008-2476.json +++ b/2008/2xxx/CVE-2008-2476.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-2476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view", - "refsource" : "MISC", - "url" : "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-7H2S68", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-7H2S68" - }, - { - "name" : "http://support.apple.com/kb/HT3467", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3467" - }, - { - "name" : "FreeBSD-SA-08:10", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc" - }, - { - "name" : "NetBSD-SA2008-013", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc" - }, - { - "name" : "[4.2] 015: SECURITY FIX: October 2, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata42.html#015_ndp" - }, - { - "name" : "[4.3] 006: SECURITY FIX: October 2, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata43.html#006_ndp" - }, - { - "name" : "VU#472363", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/472363" - }, - { - "name" : "31529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31529" - }, - { - "name" : "oval:org.mitre.oval:def:5670", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670" - }, - { - "name" : "32133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32133" - }, - { - "name" : "ADV-2008-2750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2750" - }, - { - "name" : "ADV-2008-2751", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2751" - }, - { - "name" : "ADV-2008-2752", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2752" - }, - { - "name" : "1020968", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020968" - }, - { - "name" : "1021109", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021109" - }, - { - "name" : "1021132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021132" - }, - { - "name" : "32112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32112" - }, - { - "name" : "32117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32117" - }, - { - "name" : "32116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32116" - }, - { - "name" : "32406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32406" - }, - { - "name" : "ADV-2009-0633", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0633" - }, - { - "name" : "multiple-vendors-ndp-dos(45601)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32406" + }, + { + "name": "multiple-vendors-ndp-dos(45601)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601" + }, + { + "name": "http://support.apple.com/kb/HT3467", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3467" + }, + { + "name": "[4.2] 015: SECURITY FIX: October 2, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata42.html#015_ndp" + }, + { + "name": "ADV-2008-2751", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2751" + }, + { + "name": "1021109", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021109" + }, + { + "name": "1020968", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020968" + }, + { + "name": "32133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32133" + }, + { + "name": "VU#472363", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/472363" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7" + }, + { + "name": "32116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32116" + }, + { + "name": "1021132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021132" + }, + { + "name": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view", + "refsource": "MISC", + "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view" + }, + { + "name": "ADV-2008-2750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2750" + }, + { + "name": "ADV-2008-2752", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2752" + }, + { + "name": "31529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31529" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68" + }, + { + "name": "FreeBSD-SA-08:10", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc" + }, + { + "name": "[4.3] 006: SECURITY FIX: October 2, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata43.html#006_ndp" + }, + { + "name": "32112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32112" + }, + { + "name": "NetBSD-SA2008-013", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc" + }, + { + "name": "oval:org.mitre.oval:def:5670", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670" + }, + { + "name": "32117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32117" + }, + { + "name": "ADV-2009-0633", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0633" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6081.json b/2008/6xxx/CVE-2008-6081.json index be9e22c6ad7..6438cd36c7f 100644 --- a/2008/6xxx/CVE-2008-6081.json +++ b/2008/6xxx/CVE-2008-6081.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5468", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5468" - }, - { - "name" : "28852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28852" - }, - { - "name" : "simplecustomer-contact-sql-injection(41938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28852" + }, + { + "name": "simplecustomer-contact-sql-injection(41938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41938" + }, + { + "name": "5468", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5468" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6967.json b/2008/6xxx/CVE-2008-6967.json index 3a3cdbbca99..9bb93b17f4e 100644 --- a/2008/6xxx/CVE-2008-6967.json +++ b/2008/6xxx/CVE-2008-6967.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt", - "refsource" : "CONFIRM", - "url" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt" - }, - { - "name" : "32355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32355" - }, - { - "name" : "50011", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50011" - }, - { - "name" : "32142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32142" - }, - { - "name" : "ADV-2008-3206", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3206" - }, - { - "name" : "worldclient-html-xss(46688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3206", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3206" + }, + { + "name": "32142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32142" + }, + { + "name": "worldclient-html-xss(46688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46688" + }, + { + "name": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt", + "refsource": "CONFIRM", + "url": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt" + }, + { + "name": "50011", + "refsource": "OSVDB", + "url": "http://osvdb.org/50011" + }, + { + "name": "32355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32355" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1084.json b/2012/1xxx/CVE-2012-1084.json index 8aead84f07a..b7fa0cd48ea 100644 --- a/2012/1xxx/CVE-2012-1084.json +++ b/2012/1xxx/CVE-2012-1084.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "51852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51852" - }, - { - "name" : "78798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78798" - }, - { - "name" : "typo3-beuserswitch-unspecified-xss(72974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "51852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51852" + }, + { + "name": "typo3-beuserswitch-unspecified-xss(72974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974" + }, + { + "name": "78798", + "refsource": "OSVDB", + "url": "http://osvdb.org/78798" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1685.json b/2012/1xxx/CVE-2012-1685.json index cbc105fec43..6532d6139c4 100644 --- a/2012/1xxx/CVE-2012-1685.json +++ b/2012/1xxx/CVE-2012-1685.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027666", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027666" - }, - { - "name" : "secureglobaldesktop-core-cve20121685(79379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027666", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027666" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "secureglobaldesktop-core-cve20121685(79379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79379" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1919.json b/2012/1xxx/CVE-2012-1919.json index 023f9be78d8..5c0444895ae 100644 --- a/2012/1xxx/CVE-2012-1919.json +++ b/2012/1xxx/CVE-2012-1919.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.securitylab.ru/lab/PT-2011-48", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2011-48" - }, - { - "name" : "http://atmail.org/download/atmailopen.tgz", - "refsource" : "CONFIRM", - "url" : "http://atmail.org/download/atmailopen.tgz" - }, - { - "name" : "VU#743555", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/743555" - }, - { - "name" : "47012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://en.securitylab.ru/lab/PT-2011-48", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2011-48" + }, + { + "name": "http://atmail.org/download/atmailopen.tgz", + "refsource": "CONFIRM", + "url": "http://atmail.org/download/atmailopen.tgz" + }, + { + "name": "VU#743555", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/743555" + }, + { + "name": "47012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47012" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5076.json b/2012/5xxx/CVE-2012-5076.json index 2c0dbb9a488..4c26cd2f32a 100644 --- a/2012/5xxx/CVE-2012-5076.json +++ b/2012/5xxx/CVE-2012-5076.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "RHSA-2012:1386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "oval:org.mitre.oval:def:16641", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641" - }, - { - "name" : "51029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51029" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "RHSA-2012:1386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "51029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51029" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "oval:org.mitre.oval:def:16641", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5082.json b/2012/5xxx/CVE-2012-5082.json index 15444a36a62..df9e227c377 100644 --- a/2012/5xxx/CVE-2012-5082.json +++ b/2012/5xxx/CVE-2012-5082.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "56078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56078" - }, - { - "name" : "86370", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86370" - }, - { - "name" : "oval:org.mitre.oval:def:15827", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "86370", + "refsource": "OSVDB", + "url": "http://osvdb.org/86370" + }, + { + "name": "oval:org.mitre.oval:def:15827", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15827" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "56078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56078" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5512.json b/2012/5xxx/CVE-2012-5512.json index ff6ad12760b..ffc80daadcf 100644 --- a/2012/5xxx/CVE-2012-5512.json +++ b/2012/5xxx/CVE-2012-5512.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121203 Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/03/7" - }, - { - "name" : "http://support.citrix.com/article/CTX135777", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX135777" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "SUSE-SU-2012:1615", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html" - }, - { - "name" : "openSUSE-SU-2013:0133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html" - }, - { - "name" : "openSUSE-SU-2012:1685", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html" - }, - { - "name" : "openSUSE-SU-2012:1687", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html" - }, - { - "name" : "56799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56799" - }, - { - "name" : "88132", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/88132" - }, - { - "name" : "51397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51397" - }, - { - "name" : "51486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51486" - }, - { - "name" : "51487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51487" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : "xen-hvmopsetmemaccess-dos(80481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "openSUSE-SU-2013:0133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html" + }, + { + "name": "56799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56799" + }, + { + "name": "http://support.citrix.com/article/CTX135777", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX135777" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "51397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51397" + }, + { + "name": "[oss-security] 20121203 Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/03/7" + }, + { + "name": "openSUSE-SU-2012:1685", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html" + }, + { + "name": "51486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51486" + }, + { + "name": "51487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51487" + }, + { + "name": "xen-hvmopsetmemaccess-dos(80481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80481" + }, + { + "name": "88132", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/88132" + }, + { + "name": "openSUSE-SU-2012:1687", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html" + }, + { + "name": "SUSE-SU-2012:1615", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5674.json b/2012/5xxx/CVE-2012-5674.json index aa7d03386f5..97bb0910180 100644 --- a/2012/5xxx/CVE-2012-5674.json +++ b/2012/5xxx/CVE-2012-5674.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-25.html" - }, - { - "name" : "87555", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87555" - }, - { - "name" : "adobe-coldfusion-unspec-dos(80139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87555", + "refsource": "OSVDB", + "url": "http://osvdb.org/87555" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-25.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-25.html" + }, + { + "name": "adobe-coldfusion-unspec-dos(80139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5716.json b/2012/5xxx/CVE-2012-5716.json index 3be084fd1b6..ddf54211ba4 100644 --- a/2012/5xxx/CVE-2012-5716.json +++ b/2012/5xxx/CVE-2012-5716.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5716", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5716", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5784.json b/2012/5xxx/CVE-2012-5784.json index ca09b363b09..250abf08bf7 100644 --- a/2012/5xxx/CVE-2012-5784.json +++ b/2012/5xxx/CVE-2012-5784.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "RHSA-2013:0269", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0269.html" - }, - { - "name" : "RHSA-2013:0683", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0683.html" - }, - { - "name" : "RHSA-2014:0037", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0037.html" - }, - { - "name" : "56408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56408" - }, - { - "name" : "51219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51219" - }, - { - "name" : "apache-axis-ssl-spoofing(79829)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0269", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0269.html" + }, + { + "name": "RHSA-2014:0037", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0037.html" + }, + { + "name": "51219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51219" + }, + { + "name": "RHSA-2013:0683", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0683.html" + }, + { + "name": "56408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56408" + }, + { + "name": "apache-axis-ssl-spoofing(79829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79829" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11048.json b/2017/11xxx/CVE-2017-11048.json index 8fb2626a563..1914428cb64 100644 --- a/2017/11xxx/CVE-2017-11048.json +++ b/2017/11xxx/CVE-2017-11048.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11051.json b/2017/11xxx/CVE-2017-11051.json index 0e78300d6f1..2288ebcba08 100644 --- a/2017/11xxx/CVE-2017-11051.json +++ b/2017/11xxx/CVE-2017-11051.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-11051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-11051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11131.json b/2017/11xxx/CVE-2017-11131.json index 20f83c04db6..1c2f919a90d 100644 --- a/2017/11xxx/CVE-2017-11131.json +++ b/2017/11xxx/CVE-2017-11131.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/90", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/90", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/90" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11164.json b/2017/11xxx/CVE-2017-11164.json index 2e361c395d8..5e6da6ec5d5 100644 --- a/2017/11xxx/CVE-2017-11164.json +++ b/2017/11xxx/CVE-2017-11164.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/07/11/3", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/07/11/3" - }, - { - "name" : "99575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99575" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/07/11/3", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/07/11/3" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3440.json b/2017/3xxx/CVE-2017-3440.json index b509c9df082..a47552901b1 100644 --- a/2017/3xxx/CVE-2017-3440.json +++ b/2017/3xxx/CVE-2017-3440.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Customer Interaction History", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Customer Interaction History", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95497" - }, - { - "name" : "1037639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95497" + }, + { + "name": "1037639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037639" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3526.json b/2017/3xxx/CVE-2017-3526.json index 2a84bdc8c1d..7157874af84 100644 --- a/2017/3xxx/CVE-2017-3526.json +++ b/2017/3xxx/CVE-2017-3526.json @@ -1,126 +1,126 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u141" - }, - { - "version_affected" : "=", - "version_value" : "7u131" - }, - { - "version_affected" : "=", - "version_value" : "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u141" + }, + { + "version_affected": "=", + "version_value": "7u131" + }, + { + "version_affected": "=", + "version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3858" - }, - { - "name" : "GLSA-201705-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-03" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "RHSA-2017:1108", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1108" - }, - { - "name" : "RHSA-2017:1109", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1109" - }, - { - "name" : "RHSA-2017:1117", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1117" - }, - { - "name" : "RHSA-2017:1118", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1118" - }, - { - "name" : "RHSA-2017:1119", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1119" - }, - { - "name" : "RHSA-2017:1204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1204" - }, - { - "name" : "97733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97733" - }, - { - "name" : "1038286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-03" + }, + { + "name": "RHSA-2017:1117", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1117" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2017:1109", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1109" + }, + { + "name": "1038286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038286" + }, + { + "name": "DSA-3858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3858" + }, + { + "name": "RHSA-2017:1108", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1108" + }, + { + "name": "RHSA-2017:1204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1204" + }, + { + "name": "97733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97733" + }, + { + "name": "RHSA-2017:1118", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1118" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:1119", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1119" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3638.json b/2017/3xxx/CVE-2017-3638.json index 2b5bc13fed2..381635dad2e 100644 --- a/2017/3xxx/CVE-2017-3638.json +++ b/2017/3xxx/CVE-2017-3638.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "99778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99778" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99778" + }, + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7149.json b/2017/7xxx/CVE-2017-7149.json index 6535eedde94..b9f912b3ada 100644 --- a/2017/7xxx/CVE-2017-7149.json +++ b/2017/7xxx/CVE-2017-7149.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"StorageKit\" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79", - "refsource" : "MISC", - "url" : "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79" - }, - { - "name" : "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/", - "refsource" : "MISC", - "url" : "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/" - }, - { - "name" : "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/", - "refsource" : "MISC", - "url" : "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/" - }, - { - "name" : "https://support.apple.com/HT208165", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208165" - }, - { - "name" : "101178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101178" - }, - { - "name" : "1039513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"StorageKit\" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79", + "refsource": "MISC", + "url": "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79" + }, + { + "name": "https://support.apple.com/HT208165", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208165" + }, + { + "name": "1039513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039513" + }, + { + "name": "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/", + "refsource": "MISC", + "url": "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/" + }, + { + "name": "101178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101178" + }, + { + "name": "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/", + "refsource": "MISC", + "url": "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7381.json b/2017/7xxx/CVE-2017-7381.json index f6d79cfc44d..24820b521ee 100644 --- a/2017/7xxx/CVE-2017-7381.json +++ b/2017/7xxx/CVE-2017-7381.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference" - }, - { - "name" : "97296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference" + }, + { + "name": "97296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97296" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7573.json b/2017/7xxx/CVE-2017-7573.json index ebdb2923192..e817bae44eb 100644 --- a/2017/7xxx/CVE-2017-7573.json +++ b/2017/7xxx/CVE-2017-7573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8126.json b/2017/8xxx/CVE-2017-8126.json index 3ed15610a61..1e363063af3 100644 --- a/2017/8xxx/CVE-2017-8126.json +++ b/2017/8xxx/CVE-2017-8126.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UMA", - "version" : { - "version_data" : [ - { - "version_value" : "V200R001" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege elevation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UMA", + "version": { + "version_data": [ + { + "version_value": "V200R001" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8377.json b/2017/8xxx/CVE-2017-8377.json index a191e98a311..65e525def22 100644 --- a/2017/8xxx/CVE-2017-8377.json +++ b/2017/8xxx/CVE-2017-8377.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/72", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/issues/72" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/72", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/issues/72" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8430.json b/2017/8xxx/CVE-2017-8430.json index 9a22361819f..2c757eab238 100644 --- a/2017/8xxx/CVE-2017-8430.json +++ b/2017/8xxx/CVE-2017-8430.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8529.json b/2017/8xxx/CVE-2017-8529.json index e75c9fac76f..a1989947b0a 100644 --- a/2017/8xxx/CVE-2017-8529.json +++ b/2017/8xxx/CVE-2017-8529.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529" - }, - { - "name" : "98953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98953" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8949.json b/2017/8xxx/CVE-2017-8949.json index 877ca88ad57..5179b06147c 100644 --- a/2017/8xxx/CVE-2017-8949.json +++ b/2017/8xxx/CVE-2017-8949.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-06-27T00:00:00", - "ID" : "CVE-2017-8949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SiteScope", - "version" : { - "version_data" : [ - { - "version_value" : "v11.2x, v11.3x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Disclosure of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-06-27T00:00:00", + "ID": "CVE-2017-8949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SiteScope", + "version": { + "version_data": [ + { + "version_value": "v11.2x, v11.3x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us" - }, - { - "name" : "99331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99331" - }, - { - "name" : "1038791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disclosure of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038791" + }, + { + "name": "99331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99331" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10259.json b/2018/10xxx/CVE-2018-10259.json index 1a074d8f066..5445125591e 100644 --- a/2018/10xxx/CVE-2018-10259.json +++ b/2018/10xxx/CVE-2018-10259.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44538", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44538/" - }, - { - "name" : "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html" + }, + { + "name": "44538", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44538/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10295.json b/2018/10xxx/CVE-2018-10295.json index d1c1c43d488..a2d3ccb00d8 100644 --- a/2018/10xxx/CVE-2018-10295.json +++ b/2018/10xxx/CVE-2018-10295.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/chemcms/ChemCMS/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/chemcms/ChemCMS/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chemcms/ChemCMS/issues/1", + "refsource": "MISC", + "url": "https://github.com/chemcms/ChemCMS/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10418.json b/2018/10xxx/CVE-2018-10418.json index b03b3c3d8e1..21310301479 100644 --- a/2018/10xxx/CVE-2018-10418.json +++ b/2018/10xxx/CVE-2018-10418.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10418", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10418", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10616.json b/2018/10xxx/CVE-2018-10616.json index 793bd473f6c..9fbd8e2f806 100644 --- a/2018/10xxx/CVE-2018-10616.json +++ b/2018/10xxx/CVE-2018-10616.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-17T00:00:00", - "ID" : "CVE-2018-10616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ABB Panel Builder 800", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "ABB" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER INPUT VALIDATION CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-17T00:00:00", + "ID": "CVE-2018-10616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ABB Panel Builder 800", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01" - }, - { - "name" : "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch", - "refsource" : "CONFIRM", - "url" : "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch" - }, - { - "name" : "104882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01" + }, + { + "name": "104882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104882" + }, + { + "name": "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch", + "refsource": "CONFIRM", + "url": "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12078.json b/2018/12xxx/CVE-2018-12078.json index bbb14a24a02..579e206f925 100644 --- a/2018/12xxx/CVE-2018-12078.json +++ b/2018/12xxx/CVE-2018-12078.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://peckshield.com/2018/06/11/tradeTrap/", - "refsource" : "MISC", - "url" : "https://peckshield.com/2018/06/11/tradeTrap/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://peckshield.com/2018/06/11/tradeTrap/", + "refsource": "MISC", + "url": "https://peckshield.com/2018/06/11/tradeTrap/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12091.json b/2018/12xxx/CVE-2018-12091.json index 93070ddcb67..a934fb66e4d 100644 --- a/2018/12xxx/CVE-2018-12091.json +++ b/2018/12xxx/CVE-2018-12091.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12817.json b/2018/12xxx/CVE-2018-12817.json index 3eca660d79c..c0c7ae45125 100644 --- a/2018/12xxx/CVE-2018-12817.json +++ b/2018/12xxx/CVE-2018-12817.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html" - }, - { - "name" : "106472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html" + }, + { + "name": "106472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106472" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12878.json b/2018/12xxx/CVE-2018-12878.json index 2b6f0ac7d70..e709963e0fd 100644 --- a/2018/12xxx/CVE-2018-12878.json +++ b/2018/12xxx/CVE-2018-12878.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13054.json b/2018/13xxx/CVE-2018-13054.json index 179b45b006d..6105a381986 100644 --- a/2018/13xxx/CVE-2018-13054.json +++ b/2018/13xxx/CVE-2018-13054.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180713 [SECURITY] [DLA-1420-1] cinnamon security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1083067", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1083067" - }, - { - "name" : "https://github.com/linuxmint/Cinnamon/pull/7683", - "refsource" : "MISC", - "url" : "https://github.com/linuxmint/Cinnamon/pull/7683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1083067", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1083067" + }, + { + "name": "https://github.com/linuxmint/Cinnamon/pull/7683", + "refsource": "MISC", + "url": "https://github.com/linuxmint/Cinnamon/pull/7683" + }, + { + "name": "[debian-lts-announce] 20180713 [SECURITY] [DLA-1420-1] cinnamon security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13634.json b/2018/13xxx/CVE-2018-13634.json index 1e4f9c23fee..47410ddb02a 100644 --- a/2018/13xxx/CVE-2018-13634.json +++ b/2018/13xxx/CVE-2018-13634.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13937.json b/2018/13xxx/CVE-2018-13937.json index e996e9e392d..2a16dce5600 100644 --- a/2018/13xxx/CVE-2018-13937.json +++ b/2018/13xxx/CVE-2018-13937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17015.json b/2018/17xxx/CVE-2018-17015.json index 4ee431ccf98..c422cfda558 100644 --- a/2018/17xxx/CVE-2018-17015.json +++ b/2018/17xxx/CVE-2018-17015.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17128.json b/2018/17xxx/CVE-2018-17128.json index 879f429f559..7255c16e513 100644 --- a/2018/17xxx/CVE-2018-17128.json +++ b/2018/17xxx/CVE-2018-17128.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45449", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45449/" - }, - { - "name" : "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", - "refsource" : "MISC", - "url" : "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/", + "refsource": "MISC", + "url": "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/" + }, + { + "name": "45449", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45449/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17394.json b/2018/17xxx/CVE-2018-17394.json index 68060428a5a..dd270fa2965 100644 --- a/2018/17xxx/CVE-2018-17394.json +++ b/2018/17xxx/CVE-2018-17394.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45478", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45478/" - }, - { - "name" : "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45478", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45478/" + }, + { + "name": "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17399.json b/2018/17xxx/CVE-2018-17399.json index 5d32304ad1a..75d94ac01b1 100644 --- a/2018/17xxx/CVE-2018-17399.json +++ b/2018/17xxx/CVE-2018-17399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file