From 3129c5096e18e2691a9415715388a9a1493387ed Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:25:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0075.json | 160 ++++++++++++++--------------- 2003/0xxx/CVE-2003-0680.json | 120 +++++++++++----------- 2003/0xxx/CVE-2003-0994.json | 160 ++++++++++++++--------------- 2003/1xxx/CVE-2003-1385.json | 160 ++++++++++++++--------------- 2003/1xxx/CVE-2003-1508.json | 150 +++++++++++++-------------- 2003/1xxx/CVE-2003-1538.json | 140 ++++++++++++------------- 2004/0xxx/CVE-2004-0170.json | 34 +++---- 2004/0xxx/CVE-2004-0341.json | 160 ++++++++++++++--------------- 2004/0xxx/CVE-2004-0542.json | 140 ++++++++++++------------- 2004/0xxx/CVE-2004-0655.json | 140 ++++++++++++------------- 2004/0xxx/CVE-2004-0765.json | 180 ++++++++++++++++----------------- 2004/1xxx/CVE-2004-1705.json | 180 ++++++++++++++++----------------- 2004/2xxx/CVE-2004-2117.json | 170 +++++++++++++++---------------- 2004/2xxx/CVE-2004-2217.json | 160 ++++++++++++++--------------- 2004/2xxx/CVE-2004-2740.json | 180 ++++++++++++++++----------------- 2008/2xxx/CVE-2008-2275.json | 150 +++++++++++++-------------- 2008/2xxx/CVE-2008-2474.json | 170 +++++++++++++++---------------- 2008/2xxx/CVE-2008-2753.json | 170 +++++++++++++++---------------- 2008/6xxx/CVE-2008-6931.json | 160 ++++++++++++++--------------- 2012/1xxx/CVE-2012-1214.json | 150 +++++++++++++-------------- 2012/1xxx/CVE-2012-1349.json | 34 +++---- 2012/1xxx/CVE-2012-1396.json | 120 +++++++++++----------- 2012/1xxx/CVE-2012-1897.json | 150 +++++++++++++-------------- 2012/1xxx/CVE-2012-1999.json | 130 ++++++++++++------------ 2012/5xxx/CVE-2012-5063.json | 140 ++++++++++++------------- 2012/5xxx/CVE-2012-5210.json | 140 ++++++++++++------------- 2012/5xxx/CVE-2012-5879.json | 170 +++++++++++++++---------------- 2012/5xxx/CVE-2012-5948.json | 130 ++++++++++++------------ 2017/11xxx/CVE-2017-11428.json | 34 +++---- 2017/11xxx/CVE-2017-11742.json | 130 ++++++++++++------------ 2017/11xxx/CVE-2017-11984.json | 34 +++---- 2017/3xxx/CVE-2017-3282.json | 176 ++++++++++++++++---------------- 2017/3xxx/CVE-2017-3895.json | 34 +++---- 2017/7xxx/CVE-2017-7504.json | 130 ++++++++++++------------ 2017/8xxx/CVE-2017-8198.json | 122 +++++++++++----------- 2017/8xxx/CVE-2017-8346.json | 140 ++++++++++++------------- 2018/10xxx/CVE-2018-10457.json | 34 +++---- 2018/10xxx/CVE-2018-10680.json | 120 +++++++++++----------- 2018/10xxx/CVE-2018-10794.json | 34 +++---- 2018/10xxx/CVE-2018-10804.json | 130 ++++++++++++------------ 2018/12xxx/CVE-2018-12330.json | 120 +++++++++++----------- 2018/12xxx/CVE-2018-12549.json | 142 +++++++++++++------------- 2018/12xxx/CVE-2018-12645.json | 34 +++---- 2018/12xxx/CVE-2018-12958.json | 34 +++---- 2018/13xxx/CVE-2018-13326.json | 120 +++++++++++----------- 2018/13xxx/CVE-2018-13604.json | 130 ++++++++++++------------ 2018/13xxx/CVE-2018-13981.json | 140 ++++++++++++------------- 2018/17xxx/CVE-2018-17199.json | 152 ++++++++++++++-------------- 2018/17xxx/CVE-2018-17247.json | 140 ++++++++++++------------- 2018/17xxx/CVE-2018-17275.json | 34 +++---- 2018/17xxx/CVE-2018-17410.json | 120 +++++++++++----------- 51 files changed, 3166 insertions(+), 3166 deletions(-) diff --git a/2003/0xxx/CVE-2003-0075.json b/2003/0xxx/CVE-2003-0075.json index 7b386a76973..73c9b8b486b 100644 --- a/2003/0xxx/CVE-2003-0075.json +++ b/2003/0xxx/CVE-2003-0075.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a \"fmt\" wave chunk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030202 Bladeenc 0.94.2 code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104428700106672&w=2" - }, - { - "name" : "http://www.pivx.com/luigi/adv/blade942-adv.txt", - "refsource" : "MISC", - "url" : "http://www.pivx.com/luigi/adv/blade942-adv.txt" - }, - { - "name" : "GLSA-200302-04", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=104446346127432&w=2" - }, - { - "name" : "6745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6745" - }, - { - "name" : "bladeenc-myfseek-code-execution(11227)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11227.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a \"fmt\" wave chunk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bladeenc-myfseek-code-execution(11227)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11227.php" + }, + { + "name": "6745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6745" + }, + { + "name": "GLSA-200302-04", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=104446346127432&w=2" + }, + { + "name": "20030202 Bladeenc 0.94.2 code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104428700106672&w=2" + }, + { + "name": "http://www.pivx.com/luigi/adv/blade942-adv.txt", + "refsource": "MISC", + "url": "http://www.pivx.com/luigi/adv/blade942-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0680.json b/2003/0xxx/CVE-2003-0680.json index 666da81e7e3..de1a413a67b 100644 --- a/2003/0xxx/CVE-2003-0680.json +++ b/2003/0xxx/CVE-2003-0680.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030901-01-P" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030901-01-P" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0994.json b/2003/0xxx/CVE-2003-0994.json index c921dd22b77..b5f58ea45f9 100644 --- a/2003/0xxx/CVE-2003-0994.json +++ b/2003/0xxx/CVE-2003-0994.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html" - }, - { - "name" : "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", - "refsource" : "BUGTRAQ", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html" - }, - { - "name" : "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107393473928245&w=2" - }, - { - "name" : "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt", - "refsource" : "MISC", - "url" : "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt" - }, - { - "name" : "3428", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3428", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3428" + }, + { + "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html" + }, + { + "name": "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107393473928245&w=2" + }, + { + "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", + "refsource": "BUGTRAQ", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html" + }, + { + "name": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt", + "refsource": "MISC", + "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1385.json b/2003/1xxx/CVE-2003-1385.json index 817c7f56d52..20a90656b3f 100644 --- a/2003/1xxx/CVE-2003-1385.json +++ b/2003/1xxx/CVE-2003-1385.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030227 Invision Power Board (PHP)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" - }, - { - "name" : "3357", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3357" - }, - { - "name" : "8182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8182" - }, - { - "name" : "invision-ipchat-file-include(11435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" - }, - { - "name" : "6976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8182" + }, + { + "name": "3357", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3357" + }, + { + "name": "20030227 Invision Power Board (PHP)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" + }, + { + "name": "6976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6976" + }, + { + "name": "invision-ipchat-file-include(11435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1508.json b/2003/1xxx/CVE-2003-1508.json index de10f4eba36..ae9018100f9 100644 --- a/2003/1xxx/CVE-2003-1508.json +++ b/2003/1xxx/CVE-2003-1508.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031023 (Fw) : mIRC 6.12 (latest) DCC Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342179" - }, - { - "name" : "http://www.irchelp.org/irchelp/mirc/exploit.html", - "refsource" : "CONFIRM", - "url" : "http://www.irchelp.org/irchelp/mirc/exploit.html" - }, - { - "name" : "8880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8880" - }, - { - "name" : "3303", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3303", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3303" + }, + { + "name": "20031023 (Fw) : mIRC 6.12 (latest) DCC Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342179" + }, + { + "name": "http://www.irchelp.org/irchelp/mirc/exploit.html", + "refsource": "CONFIRM", + "url": "http://www.irchelp.org/irchelp/mirc/exploit.html" + }, + { + "name": "8880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8880" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1538.json b/2003/1xxx/CVE-2003-1538.json index 09d19d34713..ea91f3924f5 100644 --- a/2003/1xxx/CVE-2003-1538.json +++ b/2003/1xxx/CVE-2003-1538.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2003:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_005_susehelp.html" - }, - { - "name" : "1005954", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005954" - }, - { - "name" : "7906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7906" + }, + { + "name": "1005954", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005954" + }, + { + "name": "SUSE-SA:2003:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_005_susehelp.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0170.json b/2004/0xxx/CVE-2004-0170.json index 6109326830c..f789fc06c53 100644 --- a/2004/0xxx/CVE-2004-0170.json +++ b/2004/0xxx/CVE-2004-0170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0170", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0341.json b/2004/0xxx/CVE-2004-0341.json index b23403463c4..7db29e6e7e0 100644 --- a/2004/0xxx/CVE-2004-0341.json +++ b/2004/0xxx/CVE-2004-0341.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040228 Multiple WFTPD Denial of Service vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107801142924976&w=2" - }, - { - "name" : "9767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9767" - }, - { - "name" : "4115", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4115" - }, - { - "name" : "11001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11001" - }, - { - "name" : "wftpd-string-0Ahbyte-dos(15341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040228 Multiple WFTPD Denial of Service vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107801142924976&w=2" + }, + { + "name": "11001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11001" + }, + { + "name": "9767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9767" + }, + { + "name": "wftpd-string-0Ahbyte-dos(15341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15341" + }, + { + "name": "4115", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4115" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0542.json b/2004/0xxx/CVE-2004-0542.json index 8cb015b511a..b2e3233c6b2 100644 --- a/2004/0xxx/CVE-2004-0542.json +++ b/2004/0xxx/CVE-2004-0542.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the \"%\", \"|\", or \">\" characters to the escapeshellcmd function, or (2) the \"%\" character to the escapeshellarg function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.idefense.com/application/poi/display?id=108", - "refsource" : "MISC", - "url" : "http://www.idefense.com/application/poi/display?id=108" - }, - { - "name" : "http://www.php.net/release_4_3_7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_3_7.php" - }, - { - "name" : "php-escapeshellarg-execute-command(16331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the \"%\", \"|\", or \">\" characters to the escapeshellcmd function, or (2) the \"%\" character to the escapeshellarg function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/release_4_3_7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_3_7.php" + }, + { + "name": "php-escapeshellarg-execute-command(16331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16331" + }, + { + "name": "http://www.idefense.com/application/poi/display?id=108", + "refsource": "MISC", + "url": "http://www.idefense.com/application/poi/display?id=108" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0655.json b/2004/0xxx/CVE-2004-0655.json index a891a3c2ca8..b342a4f98c6 100644 --- a/2004/0xxx/CVE-2004-0655.json +++ b/2004/0xxx/CVE-2004-0655.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200407-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-01.xml" - }, - { - "name" : "10644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10644" - }, - { - "name" : "esearch-eupdatedb-symlink(16584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10644" + }, + { + "name": "GLSA-200407-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-01.xml" + }, + { + "name": "esearch-eupdatedb-symlink(16584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16584" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0765.json b/2004/0xxx/CVE-2004-0765.json index 03567fe6bbb..f68216ea81c 100644 --- a/2004/0xxx/CVE-2004-0765.json +++ b/2004/0xxx/CVE-2004-0765.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=234058" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" - }, - { - "name" : "FLSA:2089", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" - }, - { - "name" : "RHSA-2004:421", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html" - }, - { - "name" : "SUSE-SA:2004:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" - }, - { - "name" : "oval:org.mitre.oval:def:11162", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162" - }, - { - "name" : "mozilla-certtesthostname-certificate-spoof(16868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=234058" + }, + { + "name": "oval:org.mitre.oval:def:11162", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162" + }, + { + "name": "SUSE-SA:2004:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" + }, + { + "name": "RHSA-2004:421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" + }, + { + "name": "mozilla-certtesthostname-certificate-spoof(16868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" + }, + { + "name": "FLSA:2089", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1705.json b/2004/1xxx/CVE-2004-1705.json index 588a0847c77..b2ec9e9071c 100644 --- a/2004/1xxx/CVE-2004-1705.json +++ b/2004/1xxx/CVE-2004-1705.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040731 Citadel/UX Remote DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109121546120575&w=2" - }, - { - "name" : "20040731 Re: Citadel/UX Remote DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109146099404071&w=2" - }, - { - "name" : "http://www.nosystem.com.ar/advisories/advisory-04.txt", - "refsource" : "MISC", - "url" : "http://www.nosystem.com.ar/advisories/advisory-04.txt" - }, - { - "name" : "10833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10833" - }, - { - "name" : "1010809", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010809" - }, - { - "name" : "12197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12197" - }, - { - "name" : "citadel-user-dos(16840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040731 Citadel/UX Remote DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109121546120575&w=2" + }, + { + "name": "10833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10833" + }, + { + "name": "http://www.nosystem.com.ar/advisories/advisory-04.txt", + "refsource": "MISC", + "url": "http://www.nosystem.com.ar/advisories/advisory-04.txt" + }, + { + "name": "20040731 Re: Citadel/UX Remote DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109146099404071&w=2" + }, + { + "name": "citadel-user-dos(16840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16840" + }, + { + "name": "12197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12197" + }, + { + "name": "1010809", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010809" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2117.json b/2004/2xxx/CVE-2004-2117.json index 7dde0cfc524..68ceb1a7982 100644 --- a/2004/2xxx/CVE-2004-2117.json +++ b/2004/2xxx/CVE-2004-2117.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040124 Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107496530806730&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt" - }, - { - "name" : "9485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9485" - }, - { - "name" : "3709", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3709" - }, - { - "name" : "10707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10707" - }, - { - "name" : "tinyserver-string-dos(14928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10707" + }, + { + "name": "20040124 Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107496530806730&w=2" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt" + }, + { + "name": "tinyserver-string-dos(14928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14928" + }, + { + "name": "3709", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3709" + }, + { + "name": "9485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9485" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2217.json b/2004/2xxx/CVE-2004-2217.json index 731128a8b05..bad68b1ae1d 100644 --- a/2004/2xxx/CVE-2004-2217.json +++ b/2004/2xxx/CVE-2004-2217.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[fm-news] 20041102 Newsletter for Monday, November 01st 2004", - "refsource" : "MLIST", - "url" : "http://archives.neohapsis.com/archives/apps/freshmeat/2004-11/0001.html" - }, - { - "name" : "11597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11597" - }, - { - "name" : "11323", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11323" - }, - { - "name" : "1012043", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012043" - }, - { - "name" : "ychat-http-connection-dos(17942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11323", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11323" + }, + { + "name": "11597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11597" + }, + { + "name": "1012043", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012043" + }, + { + "name": "ychat-http-connection-dos(17942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17942" + }, + { + "name": "[fm-news] 20041102 Newsletter for Monday, November 01st 2004", + "refsource": "MLIST", + "url": "http://archives.neohapsis.com/archives/apps/freshmeat/2004-11/0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2740.json b/2004/2xxx/CVE-2004-2740.json index 02ae9bb13bf..4b523323cb5 100644 --- a/2004/2xxx/CVE-2004-2740.json +++ b/2004/2xxx/CVE-2004-2740.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193", - "refsource" : "CONFIRM", - "url" : "http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193" - }, - { - "name" : "GLSA-200412-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml" - }, - { - "name" : "12116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12116" - }, - { - "name" : "12613", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12613" - }, - { - "name" : "1012708", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012708" - }, - { - "name" : "13660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13660" - }, - { - "name" : "phprojekt-pathpre-file-include(18683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200412-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml" + }, + { + "name": "13660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13660" + }, + { + "name": "12613", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12613" + }, + { + "name": "12116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12116" + }, + { + "name": "1012708", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012708" + }, + { + "name": "http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193", + "refsource": "CONFIRM", + "url": "http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=193" + }, + { + "name": "phprojekt-pathpre-file-include(18683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2275.json b/2008/2xxx/CVE-2008-2275.json index 2b9bbdce590..30bc0e81cc9 100644 --- a/2008/2xxx/CVE-2008-2275.json +++ b/2008/2xxx/CVE-2008-2275.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/" - }, - { - "name" : "29239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29239" - }, - { - "name" : "30275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30275" - }, - { - "name" : "srfeuserregister-unspecified-code-execution(42445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30275" + }, + { + "name": "29239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29239" + }, + { + "name": "srfeuserregister-unspecified-code-execution(42445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42445" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2474.json b/2008/2xxx/CVE-2008-2474.json index a0ca9d4ac46..318be6daec6 100644 --- a/2008/2xxx/CVE-2008-2474.json +++ b/2008/2xxx/CVE-2008-2474.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-2474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080925 C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496739/100/0/threaded" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/CTAR-7JTNRX", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/CTAR-7JTNRX" - }, - { - "name" : "VU#343971", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/343971" - }, - { - "name" : "31391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31391" - }, - { - "name" : "32047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32047" - }, - { - "name" : "4320", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080925 C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496739/100/0/threaded" + }, + { + "name": "4320", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4320" + }, + { + "name": "http://www.kb.cert.org/vuls/id/CTAR-7JTNRX", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/CTAR-7JTNRX" + }, + { + "name": "31391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31391" + }, + { + "name": "32047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32047" + }, + { + "name": "VU#343971", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/343971" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2753.json b/2008/2xxx/CVE-2008-2753.json index 22fd0aa94a9..70633b7b854 100644 --- a/2008/2xxx/CVE-2008-2753.json +++ b/2008/2xxx/CVE-2008-2753.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Pooya Site Builder (PSB) SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2008/Jun/0115.html" - }, - { - "name" : "5788", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5788" - }, - { - "name" : "http://bugreport.ir/index.php?/42", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/42" - }, - { - "name" : "29673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29673" - }, - { - "name" : "30610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30610" - }, - { - "name" : "pooyasitebuilder-getxsl-sql-injection(43007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pooyasitebuilder-getxsl-sql-injection(43007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43007" + }, + { + "name": "http://bugreport.ir/index.php?/42", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/42" + }, + { + "name": "30610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30610" + }, + { + "name": "5788", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5788" + }, + { + "name": "20080611 Pooya Site Builder (PSB) SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2008/Jun/0115.html" + }, + { + "name": "29673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29673" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6931.json b/2008/6xxx/CVE-2008-6931.json index 1dc95d8016f..955cc257b2f 100644 --- a/2008/6xxx/CVE-2008-6931.json +++ b/2008/6xxx/CVE-2008-6931.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7083", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7083" - }, - { - "name" : "50295", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50295" - }, - { - "name" : "32626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32626" - }, - { - "name" : "ADV-2008-3099", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3099" - }, - { - "name" : "jobsearch-jobseeker-file-upload(52447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jobsearch-jobseeker-file-upload(52447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52447" + }, + { + "name": "ADV-2008-3099", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3099" + }, + { + "name": "32626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32626" + }, + { + "name": "7083", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7083" + }, + { + "name": "50295", + "refsource": "OSVDB", + "url": "http://osvdb.org/50295" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1214.json b/2012/1xxx/CVE-2012-1214.json index ef2a216266d..f513b150128 100644 --- a/2012/1xxx/CVE-2012-1214.json +++ b/2012/1xxx/CVE-2012-1214.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109618/#comment-10343", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109618/#comment-10343" - }, - { - "name" : "http://packetstormsecurity.org/files/109618/Yoono-Desktop-1.8.16-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109618/Yoono-Desktop-1.8.16-Cross-Site-Scripting.html" - }, - { - "name" : "http://support.yoono.com/yoono/topics/xss-w35in", - "refsource" : "CONFIRM", - "url" : "http://support.yoono.com/yoono/topics/xss-w35in" - }, - { - "name" : "yoono-addfriends-xss(73149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.yoono.com/yoono/topics/xss-w35in", + "refsource": "CONFIRM", + "url": "http://support.yoono.com/yoono/topics/xss-w35in" + }, + { + "name": "http://packetstormsecurity.org/files/109618/Yoono-Desktop-1.8.16-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109618/Yoono-Desktop-1.8.16-Cross-Site-Scripting.html" + }, + { + "name": "http://packetstormsecurity.org/files/109618/#comment-10343", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109618/#comment-10343" + }, + { + "name": "yoono-addfriends-xss(73149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73149" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1349.json b/2012/1xxx/CVE-2012-1349.json index ceca08b67ba..8a749a9ecc4 100644 --- a/2012/1xxx/CVE-2012-1349.json +++ b/2012/1xxx/CVE-2012-1349.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1349", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1349", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1396.json b/2012/1xxx/CVE-2012-1396.json index 3cdddc58ac6..7c1e475f60e 100644 --- a/2012/1xxx/CVE-2012-1396.json +++ b/2012/1xxx/CVE-2012-1396.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1396-vulnerability-in-GOFBWidget.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1396-vulnerability-in-GOFBWidget.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1396-vulnerability-in-GOFBWidget.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1396-vulnerability-in-GOFBWidget.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1897.json b/2012/1xxx/CVE-2012-1897.json index 77d9ba42053..3c1c62b0904 100644 --- a/2012/1xxx/CVE-2012-1897.json +++ b/2012/1xxx/CVE-2012-1897.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.webapp-security.com/2012/03/wolfcms/", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/2012/03/wolfcms/" - }, - { - "name" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt" - }, - { - "name" : "48520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt", + "refsource": "MISC", + "url": "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt" + }, + { + "name": "48520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48520" + }, + { + "name": "http://www.webapp-security.com/2012/03/wolfcms/", + "refsource": "MISC", + "url": "http://www.webapp-security.com/2012/03/wolfcms/" + }, + { + "name": "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1999.json b/2012/1xxx/CVE-2012-1999.json index 0e7717eea7d..8aa3e59c9b7 100644 --- a/2012/1xxx/CVE-2012-1999.json +++ b/2012/1xxx/CVE-2012-1999.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-1999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02769", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" - }, - { - "name" : "SSRT100846", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02769", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" + }, + { + "name": "SSRT100846", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5063.json b/2012/5xxx/CVE-2012-5063.json index 118ccbc41d9..3262cb3b36e 100644 --- a/2012/5xxx/CVE-2012-5063.json +++ b/2012/5xxx/CVE-2012-5063.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote attackers to affect integrity, related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "51005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote attackers to affect integrity, related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51005" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5210.json b/2012/5xxx/CVE-2012-5210.json index c49ccfd8933..5df9737a65c 100644 --- a/2012/5xxx/CVE-2012-5210.json +++ b/2012/5xxx/CVE-2012-5210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1646." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02854", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" - }, - { - "name" : "SSRT101030", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" - }, - { - "name" : "SSRT100881", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136268852804156&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1646." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100881", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136268852804156&w=2" + }, + { + "name": "HPSBGN02854", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" + }, + { + "name": "SSRT101030", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5879.json b/2012/5xxx/CVE-2012-5879.json index a98057b4a86..df947af3453 100644 --- a/2012/5xxx/CVE-2012-5879.json +++ b/2012/5xxx/CVE-2012-5879.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130327 McAfee Virtual Technician ActiveX Control Insecure Method", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0143.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23128", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23128" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10040", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10040" - }, - { - "name" : "58750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58750" - }, - { - "name" : "91700", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91700" - }, - { - "name" : "1028357", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10040", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10040" + }, + { + "name": "1028357", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028357" + }, + { + "name": "20130327 McAfee Virtual Technician ActiveX Control Insecure Method", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0143.html" + }, + { + "name": "91700", + "refsource": "OSVDB", + "url": "http://osvdb.org/91700" + }, + { + "name": "58750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58750" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23128", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23128" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5948.json b/2012/5xxx/CVE-2012-5948.json index 75082e70448..af062805d6e 100644 --- a/2012/5xxx/CVE-2012-5948.json +++ b/2012/5xxx/CVE-2012-5948.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628847", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628847" - }, - { - "name" : "tririga-xss(80628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21628847", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21628847" + }, + { + "name": "tririga-xss(80628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80628" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11428.json b/2017/11xxx/CVE-2017-11428.json index d7d239abc3c..7e11fdeacd3 100644 --- a/2017/11xxx/CVE-2017-11428.json +++ b/2017/11xxx/CVE-2017-11428.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11428", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11428", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11742.json b/2017/11xxx/CVE-2017-11742.json index e3cd3965a6f..94c50bfb9c7 100644 --- a/2017/11xxx/CVE-2017-11742.json +++ b/2017/11xxx/CVE-2017-11742.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libexpat/libexpat/issues/82", - "refsource" : "CONFIRM", - "url" : "https://github.com/libexpat/libexpat/issues/82" - }, - { - "name" : "100147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libexpat/libexpat/issues/82", + "refsource": "CONFIRM", + "url": "https://github.com/libexpat/libexpat/issues/82" + }, + { + "name": "100147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100147" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11984.json b/2017/11xxx/CVE-2017-11984.json index 35a3f4f0a7c..6ab03e3af7f 100644 --- a/2017/11xxx/CVE-2017-11984.json +++ b/2017/11xxx/CVE-2017-11984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3282.json b/2017/3xxx/CVE-2017-3282.json index ce372a60209..c061a806330 100644 --- a/2017/3xxx/CVE-2017-3282.json +++ b/2017/3xxx/CVE-2017-3282.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Partner Management", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Partner Management", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95586" - }, - { - "name" : "1037639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95586" + }, + { + "name": "1037639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037639" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3895.json b/2017/3xxx/CVE-2017-3895.json index fd87c9e881e..deae3cec0b8 100644 --- a/2017/3xxx/CVE-2017-3895.json +++ b/2017/3xxx/CVE-2017-3895.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3895", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3895", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7504.json b/2017/7xxx/CVE-2017-7504.json index af1e039901f..b225fe4bc5f 100644 --- a/2017/7xxx/CVE-2017-7504.json +++ b/2017/7xxx/CVE-2017-7504.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JBoss", - "version" : { - "version_data" : [ - { - "version_value" : "4.x" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JBoss", + "version": { + "version_data": [ + { + "version_value": "4.x" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1451441", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1451441" - }, - { - "name" : "98595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441" + }, + { + "name": "98595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98595" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8198.json b/2017/8xxx/CVE-2017-8198.json index 5b1160a780d..eb379b15d07 100644 --- a/2017/8xxx/CVE-2017-8198.json +++ b/2017/8xxx/CVE-2017-8198.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00SPC102(NFV)" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere", + "version": { + "version_data": [ + { + "version_value": "V100R006C00SPC102(NFV)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8346.json b/2017/8xxx/CVE-2017-8346.json index 4f863757d83..4766b7ad2e2 100644 --- a/2017/8xxx/CVE-2017-8346.json +++ b/2017/8xxx/CVE-2017-8346.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/440", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/440" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "98346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/440", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/440" + }, + { + "name": "98346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98346" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10457.json b/2018/10xxx/CVE-2018-10457.json index 3e712aef448..d3517757461 100644 --- a/2018/10xxx/CVE-2018-10457.json +++ b/2018/10xxx/CVE-2018-10457.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10457", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10457", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10680.json b/2018/10xxx/CVE-2018-10680.json index 13c839ada26..ee692e461d3 100644 --- a/2018/10xxx/CVE-2018-10680.json +++ b/2018/10xxx/CVE-2018-10680.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to \"Web site settings --> Basic setting --> Website title\" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is \"just a functional bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zblogcn/zblogphp/issues/185", - "refsource" : "MISC", - "url" : "https://github.com/zblogcn/zblogphp/issues/185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to \"Web site settings --> Basic setting --> Website title\" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is \"just a functional bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zblogcn/zblogphp/issues/185", + "refsource": "MISC", + "url": "https://github.com/zblogcn/zblogphp/issues/185" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10794.json b/2018/10xxx/CVE-2018-10794.json index d4c25cce2c3..b62a24d6554 100644 --- a/2018/10xxx/CVE-2018-10794.json +++ b/2018/10xxx/CVE-2018-10794.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10794", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10794", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10804.json b/2018/10xxx/CVE-2018-10804.json index 075089d2207..feb2610a0a2 100644 --- a/2018/10xxx/CVE-2018-10804.json +++ b/2018/10xxx/CVE-2018-10804.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1053", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1053" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1053", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1053" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12330.json b/2018/12xxx/CVE-2018-12330.json index b005779e69c..245611d8ad8 100644 --- a/2018/12xxx/CVE-2018-12330.json +++ b/2018/12xxx/CVE-2018-12330.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", - "refsource" : "MISC", - "url" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", + "refsource": "MISC", + "url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12549.json b/2018/12xxx/CVE-2018-12549.json index 112dda019ed..58a9c654bbc 100644 --- a/2018/12xxx/CVE-2018-12549.json +++ b/2018/12xxx/CVE-2018-12549.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "emo@eclipse.org", - "ID" : "CVE-2018-12549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eclipse OpenJ9", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "0.11.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Eclipse Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-111: Direct Use of Unsafe JNI" - } + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2018-12549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse OpenJ9", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.11.0" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019" - }, - { - "name" : "RHSA-2019:0469", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0469" - }, - { - "name" : "RHSA-2019:0472", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-111: Direct Use of Unsafe JNI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0469", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0469" + }, + { + "name": "RHSA-2019:0472", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0472" + }, + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12645.json b/2018/12xxx/CVE-2018-12645.json index 44663aa2e57..6414311be36 100644 --- a/2018/12xxx/CVE-2018-12645.json +++ b/2018/12xxx/CVE-2018-12645.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12645", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12645", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12958.json b/2018/12xxx/CVE-2018-12958.json index 11d71733e09..8ab4ddd2a17 100644 --- a/2018/12xxx/CVE-2018-12958.json +++ b/2018/12xxx/CVE-2018-12958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13326.json b/2018/13xxx/CVE-2018-13326.json index 824ba4374c7..28777b5e4ea 100644 --- a/2018/13xxx/CVE-2018-13326.json +++ b/2018/13xxx/CVE-2018-13326.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20(BTX)/Bittelux%20(BTX).md", - "refsource" : "MISC", - "url" : "https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20(BTX)/Bittelux%20(BTX).md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20(BTX)/Bittelux%20(BTX).md", + "refsource": "MISC", + "url": "https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20(BTX)/Bittelux%20(BTX).md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13604.json b/2018/13xxx/CVE-2018-13604.json index c8087478ff2..4f42aa4e89a 100644 --- a/2018/13xxx/CVE-2018-13604.json +++ b/2018/13xxx/CVE-2018-13604.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/wellieat", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/wellieat" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/wellieat", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/wellieat" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13981.json b/2018/13xxx/CVE-2018-13981.json index 7f31e44d635..34c2596e5cf 100644 --- a/2018/13xxx/CVE-2018-13981.json +++ b/2018/13xxx/CVE-2018-13981.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45016", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45016/" - }, - { - "name" : "http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/" + }, + { + "name": "45016", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45016/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17199.json b/2018/17xxx/CVE-2018-17199.json index b14545164b3..99faa040f49 100644 --- a/2018/17xxx/CVE-2018-17199.json +++ b/2018/17xxx/CVE-2018-17199.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2019-01-22T00:00:00", - "ID" : "CVE-2018-17199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "Apache HTTP Server 2.4.0 to 2.4.37" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Infufficient Session Expiration" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2019-01-22T00:00:00", + "ID": "CVE-2018-17199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "Apache HTTP Server 2.4.0 to 2.4.37" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190129 [SECURITY] [DLA 1647-1] apache2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html" - }, - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190125-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190125-0001/" - }, - { - "name" : "106742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Infufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1647-1] apache2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html" + }, + { + "name": "106742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106742" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190125-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17247.json b/2018/17xxx/CVE-2018-17247.json index 218062a2d47..1ef39612156 100644 --- a/2018/17xxx/CVE-2018-17247.json +++ b/2018/17xxx/CVE-2018-17247.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "bressers@elastic.co", - "ID" : "CVE-2018-17247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elasticsearch", - "version" : { - "version_data" : [ - { - "version_value" : "6.5.0 and 6.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2018-17247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elasticsearch", + "version": { + "version_data": [ + { + "version_value": "6.5.0 and 6.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-stack-6-5-2-security-update/159594", - "refsource" : "MISC", - "url" : "https://discuss.elastic.co/t/elastic-stack-6-5-2-security-update/159594" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - }, - { - "name" : "106294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106294" + }, + { + "name": "https://discuss.elastic.co/t/elastic-stack-6-5-2-security-update/159594", + "refsource": "MISC", + "url": "https://discuss.elastic.co/t/elastic-stack-6-5-2-security-update/159594" + }, + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17275.json b/2018/17xxx/CVE-2018-17275.json index 95425447f69..b001d4efc4c 100644 --- a/2018/17xxx/CVE-2018-17275.json +++ b/2018/17xxx/CVE-2018-17275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17275", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17275", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17410.json b/2018/17xxx/CVE-2018-17410.json index 18fcf278e08..4906d9904e1 100644 --- a/2018/17xxx/CVE-2018-17410.json +++ b/2018/17xxx/CVE-2018-17410.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lab.insightsecurity.com.br/horus-cms/", - "refsource" : "MISC", - "url" : "https://lab.insightsecurity.com.br/horus-cms/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lab.insightsecurity.com.br/horus-cms/", + "refsource": "MISC", + "url": "https://lab.insightsecurity.com.br/horus-cms/" + } + ] + } +} \ No newline at end of file