diff --git a/2003/0xxx/CVE-2003-0321.json b/2003/0xxx/CVE-2003-0321.json
index df50237fb0a..d7bc10f22ea 100644
--- a/2003/0xxx/CVE-2003-0321.json
+++ b/2003/0xxx/CVE-2003-0321.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030313 Buffer overflows in ircII-based clients", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104766521328322&w=2" - }, - { - "name" : "20030324 GLSA: bitchx (200303-21)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104852615211913&w=2" - }, - { - "name" : "DSA-306", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-306" - }, - { - "name" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz", - "refsource" : "MISC", - 
"url" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz" - }, - { - "name" : "CLA-2003:655", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655" - }, - { - "name" : "7096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7096" - }, - { - "name" : "7097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7097" - }, - { - "name" : "7099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7099" - }, - { - "name" : "7100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7096" + }, + { + "name": "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz", + "refsource": "MISC", + "url": "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz" + }, + { + "name": "7097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7097" + }, + { + "name": "CLA-2003:655", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655" + }, + { + "name": "20030324 GLSA: bitchx (200303-21)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104852615211913&w=2" + }, + { + "name": "DSA-306", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-306" + }, + { + "name": "20030313 Buffer overflows in ircII-based clients", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104766521328322&w=2" + }, + { + "name": "7100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7100" + }, + { + "name": "7099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7099" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0326.json b/2003/0xxx/CVE-2003-0326.json index d34a209b654..d574a91432b 100644 --- a/2003/0xxx/CVE-2003-0326.json +++ b/2003/0xxx/CVE-2003-0326.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of \":\" (colon) characters, whose count is used in a call to malloc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030519 bazarr slocate", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105337692202626&w=2" - }, - { - "name" : "7629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of \":\" (colon) characters, whose count is used in a call to malloc." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030519 bazarr slocate", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105337692202626&w=2" + }, + { + "name": "7629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7629" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1042.json b/2003/1xxx/CVE-2003-1042.json index f406d4db742..e3ef8312e4a 100644 --- a/2003/1xxx/CVE-2003-1042.json +++ b/2003/1xxx/CVE-2003-1042.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343185" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=214290", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=214290" - }, - { - "name" : "CLA-2003:774", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774" - }, - { - "name" : "8953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8953" - }, - { - "name" : "bugzilla-productname-sql-injection(13594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13594" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343185" + }, + { + "name": "CLA-2003:774", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=214290", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=214290" + }, + { + "name": "bugzilla-productname-sql-injection(13594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13594" + }, + { + "name": "8953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8953" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1140.json b/2003/1xxx/CVE-2003-1140.json index 144d9624204..76d557aa537 100644 --- a/2003/1xxx/CVE-2003-1140.json +++ b/2003/1xxx/CVE-2003-1140.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031027 Musicqueue multiple local vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342476" - }, - { - "name" : "20031027 Musicqueue multiple local vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html" - }, - { - "name" : "8903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8903" - }, - { - "name" : "1008014", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008014" - }, - { - "name" : "10104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10104" - }, - { - "name" : "musicqueue-getconf-bo(13521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13521" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10104" + }, + { + "name": "1008014", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008014" + }, + { + "name": "8903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8903" + }, + { + "name": "musicqueue-getconf-bo(13521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13521" + }, + { + "name": "20031027 Musicqueue multiple local vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342476" + }, + { + "name": "20031027 Musicqueue multiple local vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1285.json b/2003/1xxx/CVE-2003-1285.json index df7552168bd..d135ff8887b 100644 --- a/2003/1xxx/CVE-2003-1285.json +++ b/2003/1xxx/CVE-2003-1285.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030925 Sambar Server Multiple Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "http://www.sambar.com/security.htm", - "refsource" : "CONFIRM", - "url" : "http://www.sambar.com/security.htm" - }, - { - "name" : "5782", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5782" - }, - { - "name" : "5783", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/5783" - }, - { - "name" : "5784", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5784" - }, - { - "name" : "5785", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5785" - }, - { - "name" : "5805", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5805" - }, - { - "name" : "1007819", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007819" - }, - { - "name" : "9578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9578" - }, - { - "name" : "sambar-multiple-vulnerabilities(13305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13305" - }, - { - "name" : "sambar-multiple-xss(16056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sambar.com/security.htm", + "refsource": "CONFIRM", + "url": "http://www.sambar.com/security.htm" + }, + { + "name": "5782", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5782" + }, + { + "name": "5785", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5785" + }, + { + "name": "5783", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5783" + }, + { + "name": "9578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9578" + }, + { + "name": "5805", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5805" + }, + { + "name": "1007819", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007819" + }, + { + "name": "sambar-multiple-vulnerabilities(13305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13305" + }, + { + "name": "sambar-multiple-xss(16056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16056" + }, + { + "name": "20030925 Sambar Server Multiple Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true" + }, + { + "name": "5784", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5784" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0070.json b/2004/0xxx/CVE-2004-0070.json index 1f9fd5cbb95..e38edfa7def 100644 --- a/2004/0xxx/CVE-2004-0070.json +++ b/2004/0xxx/CVE-2004-0070.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040110 Remote Code Execution in ezContents", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107392588915627&w=2" - }, - { - "name" : "http://www.ezcontents.org/forum/viewtopic.php?t=361", - "refsource" : "CONFIRM", - "url" : "http://www.ezcontents.org/forum/viewtopic.php?t=361" - }, - { - "name" : "9396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9396" - }, - { - "name" : "ezcontents-php-file-include(14199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14199" - }, - { - "name" : "6878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6878" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ezcontents.org/forum/viewtopic.php?t=361", + "refsource": "CONFIRM", + "url": "http://www.ezcontents.org/forum/viewtopic.php?t=361" + }, + { + "name": "ezcontents-php-file-include(14199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14199" + }, + { + "name": "20040110 Remote Code Execution in ezContents", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107392588915627&w=2" + }, + { + "name": "9396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9396" + }, + { + "name": "6878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6878" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0513.json b/2004/0xxx/CVE-2004-0513.json index 568b933794a..899debf13aa 100644 --- a/2004/0xxx/CVE-2004-0513.json +++ b/2004/0xxx/CVE-2004-0513.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to \"logging when tracing system calls.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-05-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/May/msg00005.html" - }, - { - "name" : "10432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10432" - }, - { - "name" : "1010329", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/May/1010329.html" - }, - { - "name" : "macosx-nfs-logging(16291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to 
\"logging when tracing system calls.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-nfs-logging(16291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16291" + }, + { + "name": "APPLE-SA-2004-05-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/May/msg00005.html" + }, + { + "name": "1010329", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/May/1010329.html" + }, + { + "name": "10432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10432" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0761.json b/2004/0xxx/CVE-2004-0761.json index c5cd1ef874f..ee4a446e5fe 100644 --- a/2004/0xxx/CVE-2004-0761.json +++ b/2004/0xxx/CVE-2004-0761.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=240053" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" - }, - { - "name" : "FLSA:2089", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" - }, - { - "name" : "RHSA-2004:421", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2004:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:3603", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603" - }, - { - "name" : "oval:org.mitre.oval:def:9240", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240" - }, - { - "name" : "mozilla-redirect-ssl-spoof(16871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "SUSE-SA:2004:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" + }, + { + "name": "RHSA-2004:421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" + }, + { + "name": "FLSA:2089", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "oval:org.mitre.oval:def:3603", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=240053" + }, + { + "name": "mozilla-redirect-ssl-spoof(16871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871" + }, + { + "name": "oval:org.mitre.oval:def:9240", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0814.json b/2004/0xxx/CVE-2004-0814.json index 2f8a79ca353..d4905ba73dc 100644 --- a/2004/0xxx/CVE-2004-0814.json +++ b/2004/0xxx/CVE-2004-0814.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041020 CAN-2004-0814: Linux terminal layer races", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/379005" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110" - }, - { - "name" : 
"FLSA:2336", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" - }, - { - "name" : "MDKSA-2005:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" - }, - { - "name" : "20041214 [USN-38-1] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110306397320336&w=2" - }, - { - "name" : "RHSA-2005:293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html" - }, - { - "name" : "11491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11491" - }, - { - "name" : "11492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11492" - }, - { - "name" : "oval:org.mitre.oval:def:10728", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10728" - }, - { - "name" : "linux-tiocsetd-race-condition(17816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110" + }, + { + "name": "MDKSA-2005:022", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" + }, + { + "name": "20041214 [USN-38-1] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110306397320336&w=2" + }, + { + "name": "FLSA:2336", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336" + }, + { + "name": "linux-tiocsetd-race-condition(17816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17816" + }, + { + "name": "20041020 CAN-2004-0814: Linux terminal layer races", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/379005" + }, + { + "name": "11492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11492" + }, + { + "name": "11491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11491" + }, + { + "name": "RHSA-2005:293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672" + }, + { + "name": "oval:org.mitre.oval:def:10728", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10728" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0823.json b/2004/0xxx/CVE-2004-0823.json index 47c67d8aba2..14885282eb1 100644 --- a/2004/0xxx/CVE-2004-0823.json +++ b/2004/0xxx/CVE-2004-0823.json 
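Review bot: The `reference_data` entries in the CVE-2004-0814 hunk come back in a different order on the new side (the `20041020 CAN-2004-0814: Linux terminal layer races` BUGTRAQ entry moves from first to sixth), folded into what is otherwise a whitespace-only change from `"key" : value` to `"key": value`. The eleven entries match as a set here, but a reader has to check that by hand, so an added, dropped or altered advisory URL would be easy to miss. Keeping the existing order, or always writing the array sorted by a fixed key such as `refsource` then `name`, would make later diffs of these records show only real content changes. The new side also ends with `\ No newline at end of file`; writing the closing `}` followed by a newline avoids a spurious diff on the next edit. Both points apply equally to the CVE-2004-0823, -0866, -1543, -1718, -1728, -2520, -2567 and -2601 hunks on this page.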
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm" - }, - { - "name" : "APPLE-SA-2004-09-07", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/advisories/7148" - }, - { - "name" : "RHSA-2005:751", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-751.html" - }, - { - "name" : "ESB-2004.0559", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4363" - }, - { - "name" : "11137", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/11137" - }, - { - "name" : "oval:org.mitre.oval:def:10703", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703" - }, - { - "name" : "12491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12491/" - }, - { - "name" : "17233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17233" - }, - { - "name" : "21520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21520" - }, - { - "name" : "openldap-crypt-gain-access(17300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openldap-crypt-gain-access(17300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm" + }, + { + "name": "RHSA-2005:751", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-751.html" + }, + { + "name": "12491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12491/" + }, + { + "name": "11137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11137" + }, + { + "name": "ESB-2004.0559", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4363" + }, + { + "name": "21520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21520" + }, + { + "name": "APPLE-SA-2004-09-07", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/advisories/7148" + }, + { + "name": "17233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17233" + }, + { + "name": "oval:org.mitre.oval:def:10703", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0866.json b/2004/0xxx/CVE-2004-0866.json index 73bd4ce5009..72161adfc7e 100644 --- a/2004/0xxx/CVE-2004-0866.json +++ b/2004/0xxx/CVE-2004-0866.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109536612321898&w=2" - }, - { - "name" : "11186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11186" - }, - { - "name" : "1011332", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011332" - }, - { - "name" : "web-browser-session-hijack(17415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109536612321898&w=2" + }, + { + "name": "1011332", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011332" + }, + { + "name": "web-browser-session-hijack(17415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" + }, + { + "name": "11186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11186" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1543.json b/2004/1xxx/CVE-2004-1543.json index 372bb49f435..211ff01cd60 100644 --- a/2004/1xxx/CVE-2004-1543.json +++ b/2004/1xxx/CVE-2004-1543.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110132543805873&w=2" - }, - { - "name" : "20041124 STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029342.html" - }, - { - "name" : "11744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11744" - }, - { - "name" : "13286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13286" - }, - { - "name" : "korweblog-viewimg-directory-traversal(18234)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/18234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11744" + }, + { + "name": "korweblog-viewimg-directory-traversal(18234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18234" + }, + { + "name": "13286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13286" + }, + { + "name": "20041124 STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029342.html" + }, + { + "name": "20041124 STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110132543805873&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1718.json b/2004/1xxx/CVE-2004-1718.json index e6342323286..95696cf6e3a 100644 --- a/2004/1xxx/CVE-2004-1718.json +++ b/2004/1xxx/CVE-2004-1718.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the \"oa\" argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040817 [NGSEC-2004-6] IPD, local system denial of service.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109276749821133&w=2" - }, - { - "name" : "http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt", - "refsource" : "MISC", - "url" : "http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt" - }, - { - "name" : "10965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10965" - }, - { - "name" : "12169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12169" - }, - { - "name" : "ipd-oa-pointer-dos(17010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the \"oa\" argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt", + "refsource": "MISC", + "url": "http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt" + }, + { + "name": "12169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12169" + }, + { + "name": "20040817 [NGSEC-2004-6] IPD, local system denial of service.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109276749821133&w=2" + }, + { + "name": "10965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10965" + }, + { + "name": "ipd-oa-pointer-dos(17010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17010" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1728.json b/2004/1xxx/CVE-2004-1728.json index 07d865b814a..1164441dfa7 100644 --- a/2004/1xxx/CVE-2004-1728.json +++ b/2004/1xxx/CVE-2004-1728.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040820 Buffer overflow in sarad", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109308454122827&w=2" - }, - { - "name" : "10984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10984" - }, - { - "name" : "12348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12348" - }, - { - "name" : "sara-server-bo(17060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a 
long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sara-server-bo(17060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17060" + }, + { + "name": "12348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12348" + }, + { + "name": "10984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10984" + }, + { + "name": "20040820 Buffer overflow in sarad", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109308454122827&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2520.json b/2004/2xxx/CVE-2004-2520.json index fcb9677b31e..deb85503701 100644 --- a/2004/2xxx/CVE-2004-2520.json +++ b/2004/2xxx/CVE-2004-2520.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt" - }, - { - "name" : "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0", - "refsource" : "CONFIRM", - "url" : "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0" - }, - { - "name" : "10728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10728" - }, - { - "name" : "7925", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7925" - }, - { - "name" : "1010703", - "refsource" : "SECTRACK", - "url" 
: "http://securitytracker.com/id?1010703" - }, - { - "name" : "12071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12071" - }, - { - "name" : "gattaca-pop3-dos(16703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt" + }, + { + "name": "gattaca-pop3-dos(16703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16703" + }, + { + "name": "12071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12071" + }, + { + "name": "10728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10728" + }, + { + "name": "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0", + "refsource": "CONFIRM", + "url": "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0" + }, + { + "name": "1010703", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010703" + }, + { + "name": "7925", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7925" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2567.json b/2004/2xxx/CVE-2004-2567.json index eb47f48b478..c3646a8ee9f 100644 --- a/2004/2xxx/CVE-2004-2567.json +++ b/2004/2xxx/CVE-2004-2567.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=90737&release_id=234415", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=90737&release_id=234415" - }, - { - "name" : "10250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10250" - }, - { - "name" : "1009984", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009984" - }, - { - "name" : "11533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11533" - }, - { - "name" : "recipants-id-sql-injection(16024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=90737&release_id=234415", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?group_id=90737&release_id=234415" + }, + { + "name": "1009984", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009984" + }, + { + "name": "recipants-id-sql-injection(16024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16024" + }, + { + "name": "11533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11533" + }, + { + "name": "10250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10250" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2601.json b/2004/2xxx/CVE-2004-2601.json index 8e20f2b6871..6cadfcb3e26 100644 --- a/2004/2xxx/CVE-2004-2601.json +++ b/2004/2xxx/CVE-2004-2601.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00058-12242004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00058-12242004" - }, - { - "name" : "12631", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12631" - }, - { - "name" : "1012685", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012685" - }, - { - "name" : "13652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13652" - }, - { - "name" : "help-center-skin-php-file-include(18695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012685", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012685" + }, + { + "name": "help-center-skin-php-file-include(18695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18695" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00058-12242004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00058-12242004" + }, + { + "name": "12631", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12631" + }, + { + "name": "13652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13652" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2004.json b/2008/2xxx/CVE-2008-2004.json index 629df4ea34d..2a11a002a65 100644 --- a/2008/2xxx/CVE-2008-2004.json +++ b/2008/2xxx/CVE-2008-2004.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html" - }, - { - "name" : "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277", - "refsource" : "CONFIRM", - "url" : "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277" - }, - { - "name" : "MDVSA-2008:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" - }, - { - "name" : "RHSA-2008:0194", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0194.html" - }, 
- { - "name" : "SUSE-SR:2008:013", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2008_13_sr.html" - }, - { - "name" : "USN-776-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-776-1" - }, - { - "name" : "29101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29101" - }, - { - "name" : "oval:org.mitre.oval:def:11021", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021" - }, - { - "name" : "30111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30111" - }, - { - "name" : "29963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29963" - }, - { - "name" : "30717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30717" - }, - { - "name" : "29129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29129" - }, - { - "name" : "35062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35062" - }, - { - "name" : "qemu-driveinit-security-bypass(42268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35062" + }, + { + "name": "RHSA-2008:0194", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html" + }, + { + "name": "29101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29101" + }, + { + "name": "[Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html" + }, + { + "name": "MDVSA-2008:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" + }, + { + "name": "oval:org.mitre.oval:def:11021", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021" + }, + { + "name": "USN-776-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-776-1" + }, + { + "name": "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277", + "refsource": "CONFIRM", + "url": "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277" + }, + { + "name": "29963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29963" + }, + { + "name": "29129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29129" + }, + { + "name": "30111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30111" + }, + { + "name": "qemu-driveinit-security-bypass(42268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42268" + }, + { + "name": "SUSE-SR:2008:013", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" + }, + { + "name": "30717", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/30717" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2111.json b/2008/2xxx/CVE-2008-2111.json index 88cdb17e31b..cce9b691391 100644 --- a/2008/2xxx/CVE-2008-2111.json +++ b/2008/2xxx/CVE-2008-2111.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secway.org/advisory/AD20080506EN.txt", - "refsource" : "MISC", - "url" : "http://secway.org/advisory/AD20080506EN.txt" - }, - { - "name" : "29065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29065" - }, - { - "name" : "ADV-2008-1471", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1471/references" - }, - { - "name" : "1020004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020004" - }, - { - "name" : "30115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30115" - }, - { - "name" : "yahoo-assistant-ynotifier-code-execution(42233)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30115" + }, + { + "name": "ADV-2008-1471", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1471/references" + }, + { + "name": "yahoo-assistant-ynotifier-code-execution(42233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42233" + }, + { + "name": "http://secway.org/advisory/AD20080506EN.txt", + "refsource": "MISC", + "url": "http://secway.org/advisory/AD20080506EN.txt" + }, + { + "name": "1020004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020004" + }, + { + "name": "29065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29065" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2579.json b/2008/2xxx/CVE-2008-2579.json index f687f0e8240..8524dfd9e61 100644 --- a/2008/2xxx/CVE-2008-2579.json +++ b/2008/2xxx/CVE-2008-2579.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "JVN#81667751", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN81667751/index.html" - }, - { - "name" : "JVNDB-2008-000040", - "refsource" : "JVNDB", - "url" : 
"http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000040.html" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020498", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020498" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - }, - { - "name" : "oracle-weblogic-plugins-unauth-access(43823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "oracle-weblogic-plugins-unauth-access(43823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43823" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "JVN#81667751", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN81667751/index.html" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + }, + { + "name": "JVNDB-2008-000040", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000040.html" + }, + { + "name": "1020498", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020498" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6110.json b/2008/6xxx/CVE-2008-6110.json index 5abca97a8fa..aa44d6495f1 100644 --- a/2008/6xxx/CVE-2008-6110.json +++ b/2008/6xxx/CVE-2008-6110.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=640424", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=640424" - }, - { - "name" : "32722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32722" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=640424", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=640424" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6205.json b/2008/6xxx/CVE-2008-6205.json index 47899772650..861f089ceed 100644 --- a/2008/6xxx/CVE-2008-6205.json +++ b/2008/6xxx/CVE-2008-6205.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flahaut URLStreet 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) language, (2) order, and (3) filter parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28650.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28650.html" - }, - { - "name" : "28650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28650" - }, - { - "name" : "urlstreet-seeurl-xss(41731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flahaut URLStreet 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) language, (2) order, and (3) filter parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28650.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28650.html" + }, + { + "name": "28650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28650" + }, + { + "name": "urlstreet-seeurl-xss(41731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41731" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6770.json b/2008/6xxx/CVE-2008-6770.json index 7becc4f2cef..8c9c66a5b0b 100644 --- a/2008/6xxx/CVE-2008-6770.json +++ b/2008/6xxx/CVE-2008-6770.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7545", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7545" - }, - { - "name" : "32971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32971" - }, - { - "name" : "33272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33272" - }, - { - "name" : "yourplace-users-information-disclosure(47565)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "YourPlace 1.0.2 and earlier stores sensitive information under the web root 
with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32971" + }, + { + "name": "yourplace-users-information-disclosure(47565)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47565" + }, + { + "name": "7545", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7545" + }, + { + "name": "33272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33272" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6885.json b/2008/6xxx/CVE-2008-6885.json index f0c3b4dd29b..2e7ab3b0d54 100644 --- a/2008/6xxx/CVE-2008-6885.json +++ b/2008/6xxx/CVE-2008-6885.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122875449930810&w=2" - }, - { - "name" : "http://www.xoops.org/modules/news/article.php?storyid=4540", - "refsource" : "CONFIRM", - "url" : "http://www.xoops.org/modules/news/article.php?storyid=4540" - }, - { - "name" : "http://www.xoops.org/modules/news/article.php?storyid=4563", - "refsource" : "CONFIRM", - "url" : "http://www.xoops.org/modules/news/article.php?storyid=4563" - }, - { - "name" : "32685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32685" - }, - { - "name" : "50574", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50574" - }, - { 
- "name" : "33048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081208 [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122875449930810&w=2" + }, + { + "name": "32685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32685" + }, + { + "name": "33048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33048" + }, + { + "name": "50574", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50574" + }, + { + "name": "http://www.xoops.org/modules/news/article.php?storyid=4563", + "refsource": "CONFIRM", + "url": "http://www.xoops.org/modules/news/article.php?storyid=4563" + }, + { + "name": "http://www.xoops.org/modules/news/article.php?storyid=4540", + "refsource": "CONFIRM", + "url": "http://www.xoops.org/modules/news/article.php?storyid=4540" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1456.json b/2012/1xxx/CVE-2012-1456.json index 6a18bb0c21c..bbb714e80a2 100644 --- a/2012/1xxx/CVE-2012-1456.json +++ b/2012/1xxx/CVE-2012-1456.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52608" - }, - { - "name" : "80389", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80389" - }, - { - "name" : "80390", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80390" - }, - { - "name" : "80391", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80391" - }, - { - "name" : "80395", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80395" - }, - { - "name" : "80396", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80396" - }, - { - "name" : "80403", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80403" - }, - { - "name" : "80406", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80406" - }, - { - "name" : "80409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80409" - }, - { - "name" : "multiple-av-zip-archive-evasion(74289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80406", + "refsource": "OSVDB", + "url": "http://osvdb.org/80406" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80403", + "refsource": "OSVDB", + "url": "http://osvdb.org/80403" + }, + { + "name": "80389", + "refsource": "OSVDB", + "url": "http://osvdb.org/80389" + }, + { + "name": "80391", + "refsource": "OSVDB", + "url": "http://osvdb.org/80391" + }, + { + "name": "multiple-av-zip-archive-evasion(74289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74289" + }, + { + "name": "80409", + "refsource": "OSVDB", + "url": "http://osvdb.org/80409" + }, + { + "name": "80396", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/80396" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "80390", + "refsource": "OSVDB", + "url": "http://osvdb.org/80390" + }, + { + "name": "52608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52608" + }, + { + "name": "80395", + "refsource": "OSVDB", + "url": "http://osvdb.org/80395" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1924.json b/2012/1xxx/CVE-2012-1924.json index f4320d5e51f..87e5ef92ced 100644 --- a/2012/1xxx/CVE-2012-1924.json +++ b/2012/1xxx/CVE-2012-1924.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1162/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1162/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1162/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1010/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1010/" - }, - { - "name" : "openSUSE-SU-2012:0610", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" - }, 
- { - "name" : "80620", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80620" - }, - { - "name" : "48535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48535" - }, - { - "name" : "opera-dialog-box-code-execution(74349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/mac/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1162/" + }, + { + "name": "80620", + "refsource": "OSVDB", + "url": "http://osvdb.org/80620" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1162/" + }, + { + "name": "opera-dialog-box-code-execution(74349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74349" + }, + { + "name": "openSUSE-SU-2012:0610", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1162/" + }, + { + "name": "http://www.opera.com/support/kb/view/1010/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1010/" + }, + { + "name": "48535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48535" + } + ] + } +} \ No newline at end of 
file diff --git a/2012/5xxx/CVE-2012-5136.json b/2012/5xxx/CVE-2012-5136.json index b4a4b93adfd..4d187cd2b6a 100644 --- a/2012/5xxx/CVE-2012-5136.json +++ b/2012/5xxx/CVE-2012-5136.json 
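Review bot: The new side of this file ends with `\ No newline at end of file`, so the reformat drops the trailing newline that the old file had after its closing `}`. Line-oriented tooling and any step that concatenates records into a feed behave more predictably when each file ends with a newline; write the final `}` followed by a newline. Every other completed file section visible in this diff carries the same marker.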
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=159829", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=159829" - }, - { - "name" : "openSUSE-SU-2012:1637", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" - }, - { - "name" : "56684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56684" - }, - { - "name" : "87885", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/87885" - }, - { - "name" : "oval:org.mitre.oval:def:15929", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15929" - }, - { - "name" : "1027815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027815" - }, - { - "name" : "google-input-element-code-exec(80296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15929", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15929" + }, + { + "name": "openSUSE-SU-2012:1637", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=159829", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=159829" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html" + }, + { + "name": "1027815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027815" + }, + { + "name": "87885", + "refsource": "OSVDB", + 
"url": "http://osvdb.org/87885" + }, + { + "name": "google-input-element-code-exec(80296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80296" + }, + { + "name": "56684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56684" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5147.json b/2012/5xxx/CVE-2012-5147.json index 5735d33dae8..6ce9e92dccd 100644 --- a/2012/5xxx/CVE-2012-5147.json +++ b/2012/5xxx/CVE-2012-5147.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=165864", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=165864" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:16269", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16269" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=165864", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=165864" + }, + { + "name": "oval:org.mitre.oval:def:16269", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16269" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5422.json b/2012/5xxx/CVE-2012-5422.json index 3f9606c5ca2..ede07b49a08 100644 --- a/2012/5xxx/CVE-2012-5422.json +++ b/2012/5xxx/CVE-2012-5422.json 
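Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `security@google.com`, and it is the only field value that changes in a hunk whose other lines differ only in spacing and reference order, so it is easy to overlook in review. ASSIGNER records who is responsible for the entry, and consumers may use it for routing or trust decisions. A reassignment should therefore land in its own commit, or be called out explicitly in the commit message (not visible here), instead of riding along with a reformat. The hunks for CVE-2012-5136 (`security@google.com`) and CVE-2012-5422 (`psirt@cisco.com`) carry the same kind of change.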
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-5422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5786.json b/2012/5xxx/CVE-2012-5786.json index 56f6bd31d3f..665b98d39e0 100644 --- a/2012/5xxx/CVE-2012-5786.json +++ b/2012/5xxx/CVE-2012-5786.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "apache-cxf-ssl-spoofing(79983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ 
in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-cxf-ssl-spoofing(79983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79983" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5918.json b/2012/5xxx/CVE-2012-5918.json index 89d2c8874e3..e06e2d2b080 100644 --- a/2012/5xxx/CVE-2012-5918.json +++ b/2012/5xxx/CVE-2012-5918.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18344", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18344", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18344" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11619.json b/2017/11xxx/CVE-2017-11619.json index 048228947cc..662386efd75 100644 --- a/2017/11xxx/CVE-2017-11619.json +++ b/2017/11xxx/CVE-2017-11619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11619", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11619", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11655.json b/2017/11xxx/CVE-2017-11655.json index b9530f42cf7..437c7500654 100644 --- a/2017/11xxx/CVE-2017-11655.json +++ b/2017/11xxx/CVE-2017-11655.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/07/26/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/07/26/1" - }, - { - "name" : "100024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/07/26/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/07/26/1" + }, + { + "name": "100024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100024" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11752.json b/2017/11xxx/CVE-2017-11752.json index ecf87b817ee..dc9b364ec3f 100644 --- a/2017/11xxx/CVE-2017-11752.json +++ b/2017/11xxx/CVE-2017-11752.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/628", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/628", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/628" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15052.json b/2017/15xxx/CVE-2017-15052.json index 7dd9f16e725..2571a6ed01e 100644 --- a/2017/15xxx/CVE-2017-15052.json +++ b/2017/15xxx/CVE-2017-15052.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.amossys.fr/teampass-multiple-cve-01.html", - "refsource" : "MISC", - "url" : "http://blog.amossys.fr/teampass-multiple-cve-01.html" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1", - "refsource" : "MISC", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.amossys.fr/teampass-multiple-cve-01.html", + "refsource": "MISC", + "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1", + "refsource": "MISC", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15194.json b/2017/15xxx/CVE-2017-15194.json index 9a77d9cc003..86ebb93fb8e 100644 --- a/2017/15xxx/CVE-2017-15194.json +++ b/2017/15xxx/CVE-2017-15194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd", - "refsource" : "CONFIRM", - "url" : "https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd" - }, - { - "name" : "https://github.com/Cacti/cacti/issues/1010", - "refsource" : "CONFIRM", - "url" : "https://github.com/Cacti/cacti/issues/1010" - }, - { - "name" : "1039569", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039569", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039569" + }, + { + "name": "https://github.com/Cacti/cacti/issues/1010", + "refsource": "CONFIRM", + "url": "https://github.com/Cacti/cacti/issues/1010" + }, + { + "name": "https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd", + "refsource": "CONFIRM", + "url": "https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3193.json b/2017/3xxx/CVE-2017-3193.json index 116706900e0..5b76908618d 100644 --- a/2017/3xxx/CVE-2017-3193.json +++ b/2017/3xxx/CVE-2017-3193.json 
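Review bot: The new side of this hunk lists the same three `reference_data` entries in a different order (SECTRACK `1039569` now first, the Cacti commit URL last), while every other changed line only alters indentation and the spacing before `:`. The hunks for CVE-2017-3193, CVE-2017-3545 and CVE-2017-8711 reorder their references in the same way. With a reorder mixed into a formatting pass, a whitespace-insensitive diff can no longer confirm that no advisory content changed, so either keep the original element order or do the reordering in a separate commit; the commit message is not visible here, so this may already be documented. The rewritten files also end with `\ No newline at end of file`, presumably a serializer default, and writing a final newline would avoid spurious last-line diffs on later edits.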
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DIR-850L and potentially others", - "version" : { - "version_data" : [ - { - "version_value" : "1.14B07" - }, - { - "version_value" : "2.07.B05" - } - ] - } - } - ] - }, - "vendor_name" : "D-Link" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121: Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DIR-850L and potentially others", + "version": { + "version_data": [ + { + "version_value": "1.14B07" + }, + { + "version_value": "2.07.B05" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967", - "refsource" : "MISC", - "url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967" - }, - { - "name" : "https://twitter.com/NCCGroupInfosec/status/845269159277723649", - "refsource" : "MISC", - "url" : "https://twitter.com/NCCGroupInfosec/status/845269159277723649" - }, - { - "name" : "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories", - "refsource" : "MISC", - 
"url" : "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories" - }, - { - "name" : "VU#305448", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/305448" - }, - { - "name" : "96747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#305448", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/305448" + }, + { + "name": "https://twitter.com/NCCGroupInfosec/status/845269159277723649", + "refsource": "MISC", + "url": "https://twitter.com/NCCGroupInfosec/status/845269159277723649" + }, + { + "name": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories" + }, + { + "name": "96747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96747" + }, + { + "name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967", + "refsource": "MISC", + "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/3xxx/CVE-2017-3545.json b/2017/3xxx/CVE-2017-3545.json index 08986ea17b4..66876e47e12 100644 --- a/2017/3xxx/CVE-2017-3545.json +++ b/2017/3xxx/CVE-2017-3545.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97804" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97804" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3560.json b/2017/3xxx/CVE-2017-3560.json index 94c9e334d82..c634dfbcdf5 100644 --- a/2017/3xxx/CVE-2017-3560.json +++ b/2017/3xxx/CVE-2017-3560.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality OPERA 5 Property Services", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.4.0.x" - }, - { - "version_affected" : "=", - "version_value" : "5.4.1.x" - }, - { - "version_affected" : "=", - "version_value" : "5.4.2.x" - }, - { - "version_affected" : "=", - "version_value" : "5.4.3.x" - }, - { - "version_affected" : "=", - "version_value" : "5.5.0.x" - }, - { - "version_affected" : "=", - "version_value" : "5.5.1.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.4.0.x" + }, + { + "version_affected": "=", + "version_value": "5.4.1.x" + }, + { + "version_affected": "=", + "version_value": "5.4.2.x" + }, + { + "version_affected": "=", + "version_value": "5.4.3.x" + }, + { + "version_affected": "=", + "version_value": "5.5.0.x" + }, + { + "version_affected": "=", + "version_value": "5.5.1.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97829" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8031.json b/2017/8xxx/CVE-2017-8031.json index f0c1d386acd..c80f90a9b06 100644 --- a/2017/8xxx/CVE-2017-8031.json +++ b/2017/8xxx/CVE-2017-8031.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1", - "version" : { - "version_data" : [ - { - "version_value" : "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1", + "version": { + "version_data": [ + { + "version_value": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2017-8031/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2017-8031/" - }, - { - "name" : "101967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2017-8031/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2017-8031/" + }, + { + "name": "101967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101967" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8431.json b/2017/8xxx/CVE-2017-8431.json index 8f18cf23d62..adccb2a1906 100644 --- a/2017/8xxx/CVE-2017-8431.json +++ b/2017/8xxx/CVE-2017-8431.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8431", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8431", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8514.json b/2017/8xxx/CVE-2017-8514.json index d3e979a3cef..175367898a8 100644 --- a/2017/8xxx/CVE-2017-8514.json +++ b/2017/8xxx/CVE-2017-8514.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka \"Microsoft SharePoint Reflective XSS Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8514", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8514" - }, - { - "name" : "98831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98831" - }, - { - "name" : "1038663", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka \"Microsoft SharePoint Reflective XSS Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8514", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8514" + }, + { + "name": "98831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98831" + }, + { + "name": "1038663", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038663" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8690.json b/2017/8xxx/CVE-2017-8690.json index 2aac7409d2e..f68513d9014 100644 --- a/2017/8xxx/CVE-2017-8690.json +++ b/2017/8xxx/CVE-2017-8690.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8711.json b/2017/8xxx/CVE-2017-8711.json index a4de074e540..5b71134f46c 100644 --- a/2017/8xxx/CVE-2017-8711.json +++ b/2017/8xxx/CVE-2017-8711.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1607 and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1607 and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711" - }, - { - "name" : "100794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100794" - }, - { - "name" : "1039317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711" + }, + { + "name": "1039317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039317" + }, + { + "name": "100794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100794" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8849.json b/2017/8xxx/CVE-2017-8849.json index 0c5bed26a4f..04b03431bb2 100644 --- a/2017/8xxx/CVE-2017-8849.json +++ b/2017/8xxx/CVE-2017-8849.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42053", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42053/" - }, - { - "name" : "[oss-security] 20170510 generic kde LPE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/10/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1449656", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1449656" - }, - { - "name" : "https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce", - "refsource" : "CONFIRM", - "url" : "https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce" - }, - { - "name" : "https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e", - "refsource" : "CONFIRM", - "url" : 
"https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e" - }, - { - "name" : "https://www.kde.org/info/security/advisory-20170510-2.txt", - "refsource" : "CONFIRM", - "url" : "https://www.kde.org/info/security/advisory-20170510-2.txt" - }, - { - "name" : "DSA-3951", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3951" - }, - { - "name" : "GLSA-201705-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-14" - }, - { - "name" : "98737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98737" - }, - { - "name" : "98690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e", + "refsource": "CONFIRM", + "url": "https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e" + }, + { + "name": "42053", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42053/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1449656", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449656" + }, + { + "name": "DSA-3951", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3951" + }, + { + "name": "GLSA-201705-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-14" + }, + { + "name": "https://www.kde.org/info/security/advisory-20170510-2.txt", + "refsource": "CONFIRM", + "url": "https://www.kde.org/info/security/advisory-20170510-2.txt" + }, + { + "name": "https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce", + "refsource": "CONFIRM", + "url": "https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce" + }, + { + "name": "98690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98690" + }, + { + "name": "[oss-security] 20170510 generic kde LPE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" + }, + { + "name": "98737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98737" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10417.json b/2018/10xxx/CVE-2018-10417.json index 9cd7be88452..22a608e77b6 100644 --- a/2018/10xxx/CVE-2018-10417.json +++ b/2018/10xxx/CVE-2018-10417.json 
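Review bot: The `reference_data` array of CVE-2017-8849.json comes back in a different order on the new side (the same ten entries, shuffled), while every other line of the hunk changes only spacing and indentation. Mixing a reorder into a formatting pass makes it hard for anyone diffing or hashing these records to confirm that no reference was added, dropped or altered. The serializer should either preserve the existing array order or sort by a stable key such as `url`. The same shuffle appears in the CVE-2018-12933 and CVE-2018-13496 hunks, and the CVE-2018-17253 hunk also reorders its top-level keys. Each rewritten file now ends with `\ No newline at end of file`; writing the closing `}` followed by a newline would keep later diffs free of that marker.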
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10417", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10417", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10624.json b/2018/10xxx/CVE-2018-10624.json index 7d43fbeeedf..011975cc95c 100644 --- a/2018/10xxx/CVE-2018-10624.json +++ b/2018/10xxx/CVE-2018-10624.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-31T00:00:00", - "ID" : "CVE-2018-10624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Metasys System", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 8.0 and prior" - } - ] - } - }, - { - "product_name" : "BCPro (BCM)", - "version" : { - "version_data" : [ - { - "version_value" : "all versions prior to 3.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Johnson Controls" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-31T00:00:00", + "ID": "CVE-2018-10624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Metasys System", + "version": { + "version_data": [ + { + "version_value": "Versions 8.0 and prior" + } + ] + } + }, + { + "product_name": "BCPro (BCM)", + "version": { + "version_data": [ + { + "version_value": "all versions prior to 3.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Johnson Controls" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02" - }, - { - "name" : "104937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02" + }, + { + "name": "104937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104937" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10823.json b/2018/10xxx/CVE-2018-10823.json index eb4731050b5..fa4341b58be 100644 --- a/2018/10xxx/CVE-2018-10823.json +++ b/2018/10xxx/CVE-2018-10823.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181012 Multiple vulnerabilities in D-Link routers", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Oct/36" - }, - { - "name" : "http://sploit.tech/2018/10/12/D-Link.html", - "refsource" : "MISC", - "url" : "http://sploit.tech/2018/10/12/D-Link.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 
through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181012 Multiple vulnerabilities in D-Link routers", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Oct/36" + }, + { + "name": "http://sploit.tech/2018/10/12/D-Link.html", + "refsource": "MISC", + "url": "http://sploit.tech/2018/10/12/D-Link.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10992.json b/2018/10xxx/CVE-2018-10992.json index b786a56ce51..acddf09562c 100644 --- a/2018/10xxx/CVE-2018-10992.json +++ b/2018/10xxx/CVE-2018-10992.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/898373", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/898373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct 
argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/898373", + "refsource": "MISC", + "url": "https://bugs.debian.org/898373" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12251.json b/2018/12xxx/CVE-2018-12251.json index b02648e9cd8..fe241e06bb7 100644 --- a/2018/12xxx/CVE-2018-12251.json +++ b/2018/12xxx/CVE-2018-12251.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12251", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12251", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12500.json b/2018/12xxx/CVE-2018-12500.json index 52b4061044f..b0724476c55 100644 
--- a/2018/12xxx/CVE-2018-12500.json +++ b/2018/12xxx/CVE-2018-12500.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12500", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12500", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12506.json b/2018/12xxx/CVE-2018-12506.json index f7c0e82e884..5586c3d707a 100644 --- a/2018/12xxx/CVE-2018-12506.json +++ b/2018/12xxx/CVE-2018-12506.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12506", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12506", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12933.json b/2018/12xxx/CVE-2018-12933.json index 6751422288d..79e57683927 100644 --- a/2018/12xxx/CVE-2018-12933.json +++ b/2018/12xxx/CVE-2018-12933.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719" - }, - { - "name" : "https://bugs.winehq.org/attachment.cgi?id=61285", - "refsource" : "MISC", - "url" : "https://bugs.winehq.org/attachment.cgi?id=61285" - }, - { - "name" : "https://bugs.winehq.org/show_bug.cgi?id=45106", - "refsource" : "MISC", - "url" : "https://bugs.winehq.org/show_bug.cgi?id=45106" - }, - { - "name" : "https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d", - "refsource" : "MISC", - "url" : "https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d" - 
}, - { - "name" : "https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949", - "refsource" : "MISC", - "url" : "https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949", + "refsource": "MISC", + "url": "https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949" + }, + { + "name": "https://bugs.winehq.org/show_bug.cgi?id=45106", + "refsource": "MISC", + "url": "https://bugs.winehq.org/show_bug.cgi?id=45106" + }, + { + "name": "https://bugs.winehq.org/attachment.cgi?id=61285", + "refsource": "MISC", + "url": "https://bugs.winehq.org/attachment.cgi?id=61285" + }, + { + "name": "https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d", + "refsource": "MISC", + "url": "https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13032.json b/2018/13xxx/CVE-2018-13032.json index 6f80898e13e..e27636b9c2b 100644 --- a/2018/13xxx/CVE-2018-13032.json +++ b/2018/13xxx/CVE-2018-13032.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44938", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44938/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44938", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44938/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/13xxx/CVE-2018-13390.json b/2018/13xxx/CVE-2018-13390.json index c663762bb4b..aa2b6e3afe6 100644 --- a/2018/13xxx/CVE-2018-13390.json +++ b/2018/13xxx/CVE-2018-13390.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-08-09T00:00:00", - "ID" : "CVE-2018-13390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cloudtoken", - "version" : { - "version_data" : [ - { - "version_affected" : ">=", - "version_value" : "0.1.1" - }, - { - "version_affected" : "<", - "version_value" : "0.1.24" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of Communication Channel to Intended Endpoints" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-08-09T00:00:00", + "ID": "CVE-2018-13390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cloudtoken", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "0.1.1" + }, + { + "version_affected": "<", + "version_value": "0.1.24" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux", - "refsource" : "MISC", - "url" : "https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Communication Channel to Intended Endpoints" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux", + "refsource": "MISC", + "url": "https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13496.json b/2018/13xxx/CVE-2018-13496.json index 1e9e9404bce..b4986c443d7 100644 --- a/2018/13xxx/CVE-2018-13496.json +++ b/2018/13xxx/CVE-2018-13496.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RajTestICO", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RajTestICO" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has 
an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RajTestICO", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RajTestICO" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13953.json b/2018/13xxx/CVE-2018-13953.json index 90d33783c47..9c221678691 100644 --- a/2018/13xxx/CVE-2018-13953.json +++ b/2018/13xxx/CVE-2018-13953.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16571.json b/2018/16xxx/CVE-2018-16571.json index 14cb606306f..1d28fa7e3af 100644 --- a/2018/16xxx/CVE-2018-16571.json +++ b/2018/16xxx/CVE-2018-16571.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16571",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16571",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17253.json b/2018/17xxx/CVE-2018-17253.json
index f45d822f785..71e6bb9fd8d 100644
--- a/2018/17xxx/CVE-2018-17253.json
+++ b/2018/17xxx/CVE-2018-17253.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17253",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-17253",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17660.json b/2018/17xxx/CVE-2018-17660.json
index 379521d5c7e..c6cd400f07a 100644
--- a/2018/17xxx/CVE-2018-17660.json
+++ b/2018/17xxx/CVE-2018-17660.json
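Review bot: The new side of the CVE-2018-17253.json hunk is serialised in a different key order from the other records in this commit: it opens with `"data_type": "CVE",` and puts `"ID"` ahead of `"ASSIGNER"` inside `CVE_data_meta`, whereas CVE-2018-13953, CVE-2018-16571 and CVE-2018-17660 keep `"CVE_data_meta": {` first with `ASSIGNER`, `ID`, `STATE` in that order. JSON key order carries no meaning, so parsers are unaffected, but it suggests this file was written by a different tool or with different settings, and mixed orderings make a later content change to a record (for example a `STATE` flip from RESERVED to PUBLIC or REJECT) harder to spot among formatting churn. I would emit every record through one serialiser with a fixed key order. The same hunk, like the others here, also ends with `\ No newline at end of file`; keeping the terminating newline after the final `}` avoids a spurious last-line change the next time a tool that writes one touches the file.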
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-17660",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.2.0.9297"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6512."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-416: Use After Free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-17660",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.2.0.9297"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1193/",
- "refsource" : "MISC",
- "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1193/"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6512."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1193/",
+ "refsource": "MISC",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1193/"
+ },
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17918.json b/2018/17xxx/CVE-2018-17918.json
index c44461e5e2a..2ba0843640f 100644
--- a/2018/17xxx/CVE-2018-17918.json
+++ b/2018/17xxx/CVE-2018-17918.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "ID" : "CVE-2018-17918",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Circontrol CirCarLife all versions prior to 4.3.1",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Circontrol CirCarLife all versions prior to 4.3.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "unknown"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "ID": "CVE-2018-17918",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Circontrol CirCarLife all versions prior to 4.3.1",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Circontrol CirCarLife all versions prior to 4.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "unknown"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03"
- },
- {
- "name" : "105816",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105816"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by 
entering the URL of a specific page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105816",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105816"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03"
+ }
+ ]
+ }
+}
\ No newline at end of file