From 39ac38b0c7c828757ad3ec094e4402dca9487d43 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:36:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0220.json | 180 ++++++++++++++--------------- 2004/0xxx/CVE-2004-0581.json | 140 +++++++++++------------ 2004/0xxx/CVE-2004-0640.json | 140 +++++++++++------------ 2004/1xxx/CVE-2004-1151.json | 170 ++++++++++++++-------------- 2004/1xxx/CVE-2004-1379.json | 190 +++++++++++++++---------------- 2004/1xxx/CVE-2004-1647.json | 160 +++++++++++++------------- 2004/2xxx/CVE-2004-2322.json | 180 ++++++++++++++--------------- 2004/2xxx/CVE-2004-2585.json | 180 ++++++++++++++--------------- 2008/2xxx/CVE-2008-2002.json | 180 ++++++++++++++--------------- 2008/2xxx/CVE-2008-2060.json | 170 ++++++++++++++-------------- 2008/2xxx/CVE-2008-2207.json | 160 +++++++++++++------------- 2008/2xxx/CVE-2008-2391.json | 160 +++++++++++++------------- 2008/2xxx/CVE-2008-2408.json | 180 ++++++++++++++--------------- 2008/3xxx/CVE-2008-3059.json | 150 ++++++++++++------------- 2008/3xxx/CVE-2008-3066.json | 200 ++++++++++++++++----------------- 2008/3xxx/CVE-2008-3543.json | 180 ++++++++++++++--------------- 2008/6xxx/CVE-2008-6021.json | 140 +++++++++++------------ 2008/6xxx/CVE-2008-6230.json | 160 +++++++++++++------------- 2008/6xxx/CVE-2008-6263.json | 160 +++++++++++++------------- 2008/6xxx/CVE-2008-6269.json | 160 +++++++++++++------------- 2008/7xxx/CVE-2008-7177.json | 190 +++++++++++++++---------------- 2008/7xxx/CVE-2008-7207.json | 130 ++++++++++----------- 2012/5xxx/CVE-2012-5042.json | 34 +++--- 2012/5xxx/CVE-2012-5059.json | 130 ++++++++++----------- 2012/5xxx/CVE-2012-5992.json | 120 ++++++++++---------- 2017/11xxx/CVE-2017-11134.json | 120 ++++++++++---------- 2017/11xxx/CVE-2017-11700.json | 34 +++--- 2017/11xxx/CVE-2017-11734.json | 130 ++++++++++----------- 2017/11xxx/CVE-2017-11781.json | 142 +++++++++++------------ 2017/11xxx/CVE-2017-11808.json | 142 +++++++++++------------ 2017/14xxx/CVE-2017-14428.json | 120 ++++++++++---------- 2017/14xxx/CVE-2017-14639.json | 140 +++++++++++------------ 2017/14xxx/CVE-2017-14911.json | 142 +++++++++++------------ 2017/14xxx/CVE-2017-14912.json | 142 +++++++++++------------ 2017/14xxx/CVE-2017-14938.json | 150 ++++++++++++------------- 2017/15xxx/CVE-2017-15557.json | 34 +++--- 2017/15xxx/CVE-2017-15755.json | 120 ++++++++++---------- 2017/15xxx/CVE-2017-15826.json | 132 +++++++++++----------- 2017/8xxx/CVE-2017-8082.json | 140 +++++++++++------------ 2017/8xxx/CVE-2017-8409.json | 34 +++--- 2017/8xxx/CVE-2017-8640.json | 152 ++++++++++++------------- 2017/8xxx/CVE-2017-8854.json | 120 ++++++++++---------- 2017/8xxx/CVE-2017-8972.json | 132 +++++++++++----------- 2018/12xxx/CVE-2018-12201.json | 122 ++++++++++---------- 2018/12xxx/CVE-2018-12487.json | 34 +++--- 2018/12xxx/CVE-2018-12550.json | 34 +++--- 2018/12xxx/CVE-2018-12689.json | 120 ++++++++++---------- 2018/12xxx/CVE-2018-12727.json | 34 +++--- 2018/12xxx/CVE-2018-12968.json | 34 +++--- 2018/13xxx/CVE-2018-13070.json | 120 ++++++++++---------- 2018/13xxx/CVE-2018-13331.json | 120 ++++++++++---------- 2018/13xxx/CVE-2018-13398.json | 134 +++++++++++----------- 2018/13xxx/CVE-2018-13735.json | 130 ++++++++++----------- 2018/13xxx/CVE-2018-13890.json | 34 +++--- 2018/16xxx/CVE-2018-16162.json | 130 ++++++++++----------- 2018/16xxx/CVE-2018-16300.json | 34 +++--- 2018/16xxx/CVE-2018-16963.json | 34 +++--- 2018/17xxx/CVE-2018-17343.json | 34 +++--- 2018/17xxx/CVE-2018-17381.json | 34 +++--- 2018/4xxx/CVE-2018-4320.json | 34 +++--- 2018/4xxx/CVE-2018-4625.json | 34 +++--- 2018/4xxx/CVE-2018-4836.json | 142 +++++++++++------------ 2019/9xxx/CVE-2019-9851.json | 18 +++ 63 files changed, 3749 insertions(+), 3731 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9851.json diff --git a/2004/0xxx/CVE-2004-0220.json b/2004/0xxx/CVE-2004-0220.json index f5a319fcbac..c23787e979b 100644 --- a/2004/0xxx/CVE-2004-0220.json +++ b/2004/0xxx/CVE-2004-0220.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108008530028019&w=2" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0018.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0018.html" - }, - { - "name" : "20040317 015: RELIABILITY FIX: March 17, 2004", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html" - }, - { - "name" : "VU#223273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/223273" - }, - { - "name" : "9907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9907" - }, - { - "name" : "1009468", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Mar/1009468.html" - }, - { - "name" : "openbsd-isakmp-integer-underflow(15629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009468", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Mar/1009468.html" + }, + { + "name": "9907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9907" + }, + { + "name": "20040317 015: RELIABILITY FIX: March 17, 2004", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html" + }, + { + "name": "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108008530028019&w=2" + }, + { + "name": "VU#223273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/223273" + }, + { + "name": "openbsd-isakmp-integer-underflow(15629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15629" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0018.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0018.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0581.json b/2004/0xxx/CVE-2004-0581.json index 1393bf9c721..0ed804df747 100644 --- a/2004/0xxx/CVE-2004-0581.json +++ b/2004/0xxx/CVE-2004-0581.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2004:060", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:060" - }, - { - "name" : "10516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10516" - }, - { - "name" : "ksymoops-symlink(16392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10516" + }, + { + "name": "ksymoops-symlink(16392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16392" + }, + { + "name": "MDKSA-2004:060", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:060" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0640.json b/2004/0xxx/CVE-2004-0640.json index e15ad60e786..7a6eba74e73 100644 --- a/2004/0xxx/CVE-2004-0640.json +++ b/2004/0xxx/CVE-2004-0640.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities" - }, - { - "name" : "DSA-529", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-529" - }, - { - "name" : "ssltelnetd-format-string(16653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ssltelnetd-format-string(16653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16653" + }, + { + "name": "http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities", + "refsource": "MISC", + "url": "http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities" + }, + { + "name": "DSA-529", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-529" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1151.json b/2004/1xxx/CVE-2004-1151.json index 95bbf4ae8bb..546ca9fe700 100644 --- a/2004/1xxx/CVE-2004-1151.json +++ b/2004/1xxx/CVE-2004-1151.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@1.2079", - "refsource" : "MISC", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@1.2079" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ", - "refsource" : "MISC", - "url" : "http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ" - }, - { - "name" : "MDKSA-2005:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" - }, - { - "name" : "20041214 [USN-38-1] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110306397320336&w=2" - }, - { - "name" : "SUSE-SA:2004:044", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_44_kernel.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@1.2079", + "refsource": "MISC", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@1.2079" + }, + { + "name": "MDKSA-2005:022", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" + }, + { + "name": "20041214 [USN-38-1] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110306397320336&w=2" + }, + { + "name": "SUSE-SA:2004:044", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_44_kernel.html" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ", + "refsource": "MISC", + "url": "http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ" + }, + { + "name": "[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1379.json b/2004/1xxx/CVE-2004-1379.json index 7ae4e4f777f..ccec6ccdef1 100644 --- a/2004/1xxx/CVE-2004-1379.json +++ b/2004/1xxx/CVE-2004-1379.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" - }, - { - "name" : "http://xinehq.de/index.php/security/XSA-2004-5", - "refsource" : "CONFIRM", - "url" : "http://xinehq.de/index.php/security/XSA-2004-5" - }, - { - "name" : "DSA-657", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-657" - }, - { - "name" : "GLSA-200409-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" - }, - { - "name" : "SSA:2004-266", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.320308" - }, - { - "name" : "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" - }, - { - "name" : "11205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11205" - }, - { - "name" : "xine-dvd-subpicture-bo(17423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xine-dvd-subpicture-bo(17423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" + }, + { + "name": "SSA:2004-266", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.320308" + }, + { + "name": "http://xinehq.de/index.php/security/XSA-2004-5", + "refsource": "CONFIRM", + "url": "http://xinehq.de/index.php/security/XSA-2004-5" + }, + { + "name": "DSA-657", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-657" + }, + { + "name": "11205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11205" + }, + { + "name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" + }, + { + "name": "GLSA-200409-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" + }, + { + "name": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1647.json b/2004/1xxx/CVE-2004-1647.json index aca8171ba94..b17947f1929 100644 --- a/2004/1xxx/CVE-2004-1647.json +++ b/2004/1xxx/CVE-2004-1647.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040830 Password Protect XSS and SQL-Injection vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109414967003192&w=2" - }, - { - "name" : "http://www.criolabs.net/advisories/passprotect.txt", - "refsource" : "MISC", - "url" : "http://www.criolabs.net/advisories/passprotect.txt" - }, - { - "name" : "11073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11073" - }, - { - "name" : "12407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12407" - }, - { - "name" : "password-protect-sql-injection(17188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11073" + }, + { + "name": "20040830 Password Protect XSS and SQL-Injection vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109414967003192&w=2" + }, + { + "name": "password-protect-sql-injection(17188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17188" + }, + { + "name": "12407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12407" + }, + { + "name": "http://www.criolabs.net/advisories/passprotect.txt", + "refsource": "MISC", + "url": "http://www.criolabs.net/advisories/passprotect.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2322.json b/2004/2xxx/CVE-2004-2322.json index 1837af86b9d..976549c51c7 100644 --- a/2004/2xxx/CVE-2004-2322.json +++ b/2004/2xxx/CVE-2004-2322.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.systemsecure.org/advisories/ssadvisory13022004.php", - "refsource" : "MISC", - "url" : "http://www.systemsecure.org/advisories/ssadvisory13022004.php" - }, - { - "name" : "http://www.zone-h.com/advisories/read/id=3955", - "refsource" : "MISC", - "url" : "http://www.zone-h.com/advisories/read/id=3955" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=892174&group_id=15539&atid=115539", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=892174&group_id=15539&atid=115539" - }, - { - "name" : "3852", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3852" - }, - { - "name" : "1009045", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Feb/1009045.html" - }, - { - "name" : "10878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10878/" - }, - { - "name" : "phpwebsite-announce-sql-injection(15219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10878/" + }, + { + "name": "phpwebsite-announce-sql-injection(15219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15219" + }, + { + "name": "http://www.systemsecure.org/advisories/ssadvisory13022004.php", + "refsource": "MISC", + "url": "http://www.systemsecure.org/advisories/ssadvisory13022004.php" + }, + { + "name": "http://www.zone-h.com/advisories/read/id=3955", + "refsource": "MISC", + "url": "http://www.zone-h.com/advisories/read/id=3955" + }, + { + "name": "1009045", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Feb/1009045.html" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=892174&group_id=15539&atid=115539", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=892174&group_id=15539&atid=115539" + }, + { + "name": "3852", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3852" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2585.json b/2004/2xxx/CVE-2004-2585.json index bd48e142bf7..b6daa17f211 100644 --- a/2004/2xxx/CVE-2004-2585.json +++ b/2004/2xxx/CVE-2004-2585.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the \"check spelling\" feature in the compose area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=4098", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=4098" - }, - { - "name" : "9805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9805" - }, - { - "name" : "4145", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4145" - }, - { - "name" : "1009307", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009307" - }, - { - "name" : "11042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11042" - }, - { - "name" : "smartermail-spellchecker-xss(15393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the \"check spelling\" feature in the compose area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9805" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=4098", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=4098" + }, + { + "name": "smartermail-spellchecker-xss(15393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15393" + }, + { + "name": "4145", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4145" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt" + }, + { + "name": "1009307", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009307" + }, + { + "name": "11042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11042" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2002.json b/2008/2xxx/CVE-2008-2002.json index 6454a2f9e0a..36cc358c45c 100644 --- a/2008/2xxx/CVE-2008-2002.json +++ b/2008/2xxx/CVE-2008-2002.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the \"Restart Cable Modem\" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the \"Reset All Defaults\" value in the BUTTON_INPUT parameter to configdata.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080418 Sea-Surfing on the Motorola Surfboard", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491143/100/0/threaded" - }, - { - "name" : "http://www.rooksecurity.com/blog/?p=4", - "refsource" : "MISC", - "url" : "http://www.rooksecurity.com/blog/?p=4" - }, - { - "name" : "VU#643049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/643049" - }, - { - "name" : "ADV-2008-1390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1390/references" - }, - { - "name" : "30026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30026" - }, - { - "name" : "3839", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3839" - }, - { - "name" : "surfboard-configdata-csrf(42091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the \"Restart Cable Modem\" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the \"Reset All Defaults\" value in the BUTTON_INPUT parameter to configdata.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3839", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3839" + }, + { + "name": "ADV-2008-1390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1390/references" + }, + { + "name": "http://www.rooksecurity.com/blog/?p=4", + "refsource": "MISC", + "url": "http://www.rooksecurity.com/blog/?p=4" + }, + { + "name": "surfboard-configdata-csrf(42091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42091" + }, + { + "name": "VU#643049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/643049" + }, + { + "name": "30026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30026" + }, + { + "name": "20080418 Sea-Surfing on the Motorola Surfboard", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491143/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2060.json b/2008/2xxx/CVE-2008-2060.json index 461a8e4ece3..2105f9c8641 100644 --- a/2008/2xxx/CVE-2008-2060.json +++ b/2008/2xxx/CVE-2008-2060.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a \"specific series of jumbo Ethernet frames.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080618 Cisco Intrusion Prevention System Jumbo Frame Denial of Service", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml" - }, - { - "name" : "29791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29791" - }, - { - "name" : "ADV-2008-1872", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1872/references" - }, - { - "name" : "1020326", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020326" - }, - { - "name" : "30767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30767" - }, - { - "name" : "cisco-ips-ethernetframes-dos(43166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a \"specific series of jumbo Ethernet frames.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080618 Cisco Intrusion Prevention System Jumbo Frame Denial of Service", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml" + }, + { + "name": "1020326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020326" + }, + { + "name": "29791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29791" + }, + { + "name": "ADV-2008-1872", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1872/references" + }, + { + "name": "30767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30767" + }, + { + "name": "cisco-ips-ethernetframes-dos(43166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2207.json b/2008/2xxx/CVE-2008-2207.json index 066af336e83..adeaa99986b 100644 --- a/2008/2xxx/CVE-2008-2207.json +++ b/2008/2xxx/CVE-2008-2207.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080503 Maian Gallery v2.0 XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491583/100/0/threaded" - }, - { - "name" : "29032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29032" - }, - { - "name" : "30070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30070" - }, - { - "name" : "3885", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3885" - }, - { - "name" : "maian-gallery-keywords-xss(42195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080503 Maian Gallery v2.0 XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491583/100/0/threaded" + }, + { + "name": "3885", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3885" + }, + { + "name": "29032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29032" + }, + { + "name": "30070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30070" + }, + { + "name": "maian-gallery-keywords-xss(42195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42195" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2391.json b/2008/2xxx/CVE-2008-2391.json index f7fa63dde1e..f52b4b3e34f 100644 --- a/2008/2xxx/CVE-2008-2391.json +++ b/2008/2xxx/CVE-2008-2391.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080519 DoS attacks using SQL Wildcards - White Paper", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492233/100/0/threaded" - }, - { - "name" : "http://www.codeplex.com/subsonic/WorkItem/View.aspx?WorkItemId=16112", - "refsource" : "MISC", - "url" : "http://www.codeplex.com/subsonic/WorkItem/View.aspx?WorkItemId=16112" - }, - { - "name" : "http://www.portcullis-security.com/uplds/wildcard_attacks.pdf", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/uplds/wildcard_attacks.pdf" - }, - { - "name" : "3898", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3898" - }, - { - "name" : "subsonic-pagesize-dos(42562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3898", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3898" + }, + { + "name": "http://www.portcullis-security.com/uplds/wildcard_attacks.pdf", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/uplds/wildcard_attacks.pdf" + }, + { + "name": "http://www.codeplex.com/subsonic/WorkItem/View.aspx?WorkItemId=16112", + "refsource": "MISC", + "url": "http://www.codeplex.com/subsonic/WorkItem/View.aspx?WorkItemId=16112" + }, + { + "name": "20080519 DoS attacks using SQL Wildcards - White Paper", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492233/100/0/threaded" + }, + { + "name": "subsonic-pagesize-dos(42562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42562" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2408.json b/2008/2xxx/CVE-2008-2408.json index aaf4a61d479..b6dddaaea73 100644 --- a/2008/2xxx/CVE-2008-2408.json +++ b/2008/2xxx/CVE-2008-2408.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080521 ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-05/0284.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-030/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-030/" - }, - { - "name" : "29330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29330" - }, - { - "name" : "ADV-2008-1622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1622" - }, - { - "name" : "1020105", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020105" - }, - { - "name" : "30336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30336" - }, - { - "name" : "trillian-talk-bo(42581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1622" + }, + { + "name": "20080521 ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0284.html" + }, + { + "name": "29330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29330" + }, + { + "name": "30336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30336" + }, + { + "name": "1020105", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020105" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-030/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-030/" + }, + { + "name": "trillian-talk-bo(42581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42581" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3059.json b/2008/3xxx/CVE-2008-3059.json index c1f034ef2c6..dc77ee81662 100644 --- a/2008/3xxx/CVE-2008-3059.json +++ b/2008/3xxx/CVE-2008-3059.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the \"Settings - Account Information\" tab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://octeth.com/blog/category/oempro4/", - "refsource" : "MISC", - "url" : "http://octeth.com/blog/category/oempro4/" - }, - { - "name" : "http://osvdb.org/ref/50/oempro.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/50/oempro.txt" - }, - { - "name" : "50324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50324" - }, - { - "name" : "oempro-settingsaccount-info-disclosure(47115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the \"Settings - Account Information\" tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osvdb.org/ref/50/oempro.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/50/oempro.txt" + }, + { + "name": "50324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50324" + }, + { + "name": "http://octeth.com/blog/category/oempro4/", + "refsource": "MISC", + "url": "http://octeth.com/blog/category/oempro4/" + }, + { + "name": "oempro-settingsaccount-info-disclosure(47115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47115" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3066.json b/2008/3xxx/CVE-2008-3066.json index 110d4034020..e9f90b8382f 100644 --- a/2008/3xxx/CVE-2008-3066.json +++ b/2008/3xxx/CVE-2008-3066.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080725 http://www.zerodayinitiative.com/advisories/ZDI-08-046", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494778/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-046/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-046/" - }, - { - "name" : "http://service.real.com/realplayer/security/07252008_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/07252008_player/en/" - }, - { - "name" : "VU#461187", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/461187" - }, - { - "name" : "30376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30376" - }, - { - "name" : "30379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30379" - }, - { - "name" : "ADV-2008-2194", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2194/references" - }, - { - "name" : "1020565", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020565" - }, - { - "name" : "realplayer-rjbdll-activex-bo(44013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080725 http://www.zerodayinitiative.com/advisories/ZDI-08-046", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494778/100/0/threaded" + }, + { + "name": "ADV-2008-2194", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2194/references" + }, + { + "name": "VU#461187", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/461187" + }, + { + "name": "http://service.real.com/realplayer/security/07252008_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/07252008_player/en/" + }, + { + "name": "1020565", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020565" + }, + { + "name": "30379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30379" + }, + { + "name": "30376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30376" + }, + { + "name": "realplayer-rjbdll-activex-bo(44013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44013" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-046/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-046/" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3543.json b/2008/3xxx/CVE-2008-3543.json index a2238d95e0e..d5f5295e64d 100644 --- a/2008/3xxx/CVE-2008-3543.json +++ b/2008/3xxx/CVE-2008-3543.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02375", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01570585" - }, - { - "name" : "SSRT080122", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01570585" - }, - { - "name" : "31607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31607" - }, - { - "name" : "ADV-2008-2748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2748" - }, - { - "name" : "1020993", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020993" - }, - { - "name" : "32161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32161" - }, - { - "name" : "hpux-nfsoncplus-dos(45695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020993", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020993" + }, + { + "name": "32161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32161" + }, + { + "name": "ADV-2008-2748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2748" + }, + { + "name": "SSRT080122", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01570585" + }, + { + "name": "hpux-nfsoncplus-dos(45695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45695" + }, + { + "name": "HPSBUX02375", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01570585" + }, + { + "name": "31607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31607" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6021.json b/2008/6xxx/CVE-2008-6021.json index 9b64b1b87ef..8ac47500598 100644 --- a/2008/6xxx/CVE-2008-6021.json +++ b/2008/6xxx/CVE-2008-6021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka \"security vulnerabilities found by 3rd party analysis.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.attachmate.com/techdocs/2374.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2374.html" - }, - { - "name" : "30723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30723" - }, - { - "name" : "attachmate-multiple-unspecified(48536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka \"security vulnerabilities found by 3rd party analysis.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.attachmate.com/techdocs/2374.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2374.html" + }, + { + "name": "attachmate-multiple-unspecified(48536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48536" + }, + { + "name": "30723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30723" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6230.json b/2008/6xxx/CVE-2008-6230.json index 671f9e54d04..1eafefc6d4a 100644 --- a/2008/6xxx/CVE-2008-6230.json +++ b/2008/6xxx/CVE-2008-6230.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6997", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6997" - }, - { - "name" : "32124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32124" - }, - { - "name" : "ADV-2008-3016", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3016" - }, - { - "name" : "32563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32563" - }, - { - "name" : "prepodcastportal-tour-sql-injection(46386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3016" + }, + { + "name": "32563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32563" + }, + { + "name": "6997", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6997" + }, + { + "name": "32124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32124" + }, + { + "name": "prepodcastportal-tour-sql-injection(46386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46386" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6263.json b/2008/6xxx/CVE-2008-6263.json index f8fc539f965..885b0758e4e 100644 --- a/2008/6xxx/CVE-2008-6263.json +++ b/2008/6xxx/CVE-2008-6263.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the _userLoggedIn function. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7147", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7147" - }, - { - "name" : "32336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32336" - }, - { - "name" : "32726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32726" - }, - { - "name" : "saturncms-username-sql-injection(46651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46651" - }, - { - "name" : "saturncms-tuser-sql-injection(48952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the _userLoggedIn function. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "saturncms-username-sql-injection(46651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46651" + }, + { + "name": "32336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32336" + }, + { + "name": "7147", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7147" + }, + { + "name": "32726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32726" + }, + { + "name": "saturncms-tuser-sql-injection(48952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48952" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6269.json b/2008/6xxx/CVE-2008-6269.json index 2bd1d089d91..2b48b11d780 100644 --- a/2008/6xxx/CVE-2008-6269.json +++ b/2008/6xxx/CVE-2008-6269.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6955", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6955" - }, - { - "name" : "32058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32058" - }, - { - "name" : "32491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32491" - }, - { - "name" : "ADV-2008-2978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2978" - }, - { - "name" : "joovili-multiple-cookie-security-bypass(46272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "joovili-multiple-cookie-security-bypass(46272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46272" + }, + { + "name": "32491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32491" + }, + { + "name": "6955", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6955" + }, + { + "name": "32058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32058" + }, + { + "name": "ADV-2008-2978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2978" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7177.json b/2008/7xxx/CVE-2008-7177.json index 46ada72fbbf..0e8a684d24c 100644 --- a/2008/7xxx/CVE-2008-7177.json +++ b/2008/7xxx/CVE-2008-7177.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=607497", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=607497" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=452800", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=452800" - }, - { - "name" : "FEDORA-2008-5473", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html" - }, - { - "name" : "29955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29955" - }, - { - "name" : "1020378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020378" - }, - { - "name" : "30836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30836" - }, - { - "name" : "ADV-2008-1939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1939" - }, - { - "name" : "nasm-listingmodule-bo(43441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1939" + }, + { + "name": "29955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29955" + }, + { + "name": "FEDORA-2008-5473", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html" + }, + { + "name": "30836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30836" + }, + { + "name": "nasm-listingmodule-bo(43441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441" + }, + { + "name": "1020378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020378" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=607497", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=607497" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=452800", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452800" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7207.json b/2008/7xxx/CVE-2008-7207.json index 3e76943b409..5e082196dc1 100644 --- a/2008/7xxx/CVE-2008-7207.json +++ b/2008/7xxx/CVE-2008-7207.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rivetcode.com/files/rivettracker/rivettracker_1-0.zip", - "refsource" : "CONFIRM", - "url" : "http://www.rivetcode.com/files/rivettracker/rivettracker_1-0.zip" - }, - { - "name" : "42433", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rivetcode.com/files/rivettracker/rivettracker_1-0.zip", + "refsource": "CONFIRM", + "url": "http://www.rivetcode.com/files/rivettracker/rivettracker_1-0.zip" + }, + { + "name": "42433", + "refsource": "OSVDB", + "url": "http://osvdb.org/42433" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5042.json b/2012/5xxx/CVE-2012-5042.json index 22de34897dc..031d2bbdf87 100644 --- a/2012/5xxx/CVE-2012-5042.json +++ b/2012/5xxx/CVE-2012-5042.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5042", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5042", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5059.json b/2012/5xxx/CVE-2012-5059.json index e9943c96dfe..5fcc53efa57 100644 --- a/2012/5xxx/CVE-2012-5059.json +++ b/2012/5xxx/CVE-2012-5059.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-0392." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-0392." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5992.json b/2012/5xxx/CVE-2012-5992.json index 95518f89643..da6ae3e9f70 100644 --- a/2012/5xxx/CVE-2012-5992.json +++ b/2012/5xxx/CVE-2012-5992.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-5992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11134.json b/2017/11xxx/CVE-2017-11134.json index 705c2385ff7..2f44a62add4 100644 --- a/2017/11xxx/CVE-2017-11134.json +++ b/2017/11xxx/CVE-2017-11134.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/90", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/90", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/90" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11700.json b/2017/11xxx/CVE-2017-11700.json index bf89a8a2822..b83d00938c7 100644 --- a/2017/11xxx/CVE-2017-11700.json +++ b/2017/11xxx/CVE-2017-11700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11734.json b/2017/11xxx/CVE-2017-11734.json index f3f87f72475..9820d65b931 100644 --- a/2017/11xxx/CVE-2017-11734.json +++ b/2017/11xxx/CVE-2017-11734.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html", - "refsource" : "MISC", - "url" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html" - }, - { - "name" : "https://github.com/libming/libming/issues/83", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/83" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html", + "refsource": "MISC", + "url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in_24.html" + }, + { + "name": "https://github.com/libming/libming/issues/83", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/83" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11781.json b/2017/11xxx/CVE-2017-11781.json index e56628d21ca..9e65fabda3c 100644 --- a/2017/11xxx/CVE-2017-11781.json +++ b/2017/11xxx/CVE-2017-11781.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Block Message (SMB)", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Block Message (SMB)", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781" - }, - { - "name" : "101140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101140" - }, - { - "name" : "1039528", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781" + }, + { + "name": "1039528", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039528" + }, + { + "name": "101140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101140" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11808.json b/2017/11xxx/CVE-2017-11808.json index 3065783998b..e6cbd67dfa9 100644 --- a/2017/11xxx/CVE-2017-11808.json +++ b/2017/11xxx/CVE-2017-11808.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11808", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11808" - }, - { - "name" : "101135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101135" - }, - { - "name" : "1039529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101135" + }, + { + "name": "1039529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039529" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11808", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11808" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14428.json b/2017/14xxx/CVE-2017-14428.json index 46fe23f648f..9d904fb4ab6 100644 --- a/2017/14xxx/CVE-2017-14428.json +++ b/2017/14xxx/CVE-2017-14428.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html", - "refsource" : "MISC", - "url" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html", + "refsource": "MISC", + "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14639.json b/2017/14xxx/CVE-2017-14639.json index 7d469a58c0a..5c4effe1dfc 100644 --- a/2017/14xxx/CVE-2017-14639.json +++ b/2017/14xxx/CVE-2017-14639.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-underflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-underflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/" - }, - { - "name" : "https://github.com/axiomatic-systems/Bento4/commit/03d1222ab9c2ce779cdf01bdb96cdd69cbdcfeda", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/commit/03d1222ab9c2ce779cdf01bdb96cdd69cbdcfeda" - }, - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/190", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-underflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-underflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp/" + }, + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/190", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/190" + }, + { + "name": "https://github.com/axiomatic-systems/Bento4/commit/03d1222ab9c2ce779cdf01bdb96cdd69cbdcfeda", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/commit/03d1222ab9c2ce779cdf01bdb96cdd69cbdcfeda" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14911.json b/2017/14xxx/CVE-2017-14911.json index 42513edc268..2a0a92a073e 100644 --- a/2017/14xxx/CVE-2017-14911.json +++ b/2017/14xxx/CVE-2017-14911.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-14911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile", - "version" : { - "version_data" : [ - { - "version_value" : "APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authentication in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-14911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102386" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102386" + }, + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14912.json b/2017/14xxx/CVE-2017-14912.json index 0c42e26931c..fa2f44982b6 100644 --- a/2017/14xxx/CVE-2017-14912.json +++ b/2017/14xxx/CVE-2017-14912.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-14912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon IoT, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-14912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon IoT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102386" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102386" + }, + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14938.json b/2017/14xxx/CVE-2017-14938.json index f037bfefb98..680278365bd 100644 --- a/2017/14xxx/CVE-2017-14938.json +++ b/2017/14xxx/CVE-2017-14938.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22166" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - }, - { - "name" : "101212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22166" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/" + }, + { + "name": "101212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101212" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15557.json b/2017/15xxx/CVE-2017-15557.json index c607422fab8..61995a6a9a5 100644 --- a/2017/15xxx/CVE-2017-15557.json +++ b/2017/15xxx/CVE-2017-15557.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15557", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15557", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15755.json b/2017/15xxx/CVE-2017-15755.json index 855c03ecee2..d7e430bbfb2 100644 --- a/2017/15xxx/CVE-2017-15755.json +++ b/2017/15xxx/CVE-2017-15755.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at verifier!AVrfpDphFindBusyMemoryNoCheck+0x0000000000000091.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15755", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at verifier!AVrfpDphFindBusyMemoryNoCheck+0x0000000000000091.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15755", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15755" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15826.json b/2017/15xxx/CVE-2017-15826.json index 2ab13e331d9..eebbd54fb09 100644 --- a/2017/15xxx/CVE-2017-15826.json +++ b/2017/15xxx/CVE-2017-15826.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2017-15826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double free in mdss_rotator_release_from_work_distribution()" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2017-15826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double free in mdss_rotator_release_from_work_distribution()" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8082.json b/2017/8xxx/CVE-2017-8082.json index c1d9067a1af..680830b5f69 100644 --- a/2017/8xxx/CVE-2017-8082.json +++ b/2017/8xxx/CVE-2017-8082.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt", - "refsource" : "MISC", - "url" : "http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt" - }, - { - "name" : "https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0" - }, - { - "name" : "https://twitter.com/insecurity/status/856066923146215425", - "refsource" : "MISC", - "url" : "https://twitter.com/insecurity/status/856066923146215425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0" + }, + { + "name": "http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt", + "refsource": "MISC", + "url": "http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt" + }, + { + "name": "https://twitter.com/insecurity/status/856066923146215425", + "refsource": "MISC", + "url": "https://twitter.com/insecurity/status/856066923146215425" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8409.json b/2017/8xxx/CVE-2017-8409.json index 18eb43a5a94..d93de8f30a0 100644 --- a/2017/8xxx/CVE-2017-8409.json +++ b/2017/8xxx/CVE-2017-8409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8640.json b/2017/8xxx/CVE-2017-8640.json index 78e41494a62..51e36ccaa0b 100644 --- a/2017/8xxx/CVE-2017-8640.json +++ b/2017/8xxx/CVE-2017-8640.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Scripting Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Scripting Engine", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42476", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42476/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640" - }, - { - "name" : "100051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100051" - }, - { - "name" : "1039095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100051" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640" + }, + { + "name": "42476", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42476/" + }, + { + "name": "1039095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039095" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8854.json b/2017/8xxx/CVE-2017-8854.json index 79f7ed02f5a..4e1abe9f29e 100644 --- a/2017/8xxx/CVE-2017-8854.json +++ b/2017/8xxx/CVE-2017-8854.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable", - "refsource" : "CONFIRM", - "url" : "https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable", + "refsource": "CONFIRM", + "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8972.json b/2017/8xxx/CVE-2017-8972.json index a068773dfbd..78dfde365a0 100644 --- a/2017/8xxx/CVE-2017-8972.json +++ b/2017/8xxx/CVE-2017-8972.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-8972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Matrix Operating Environment", - "version" : { - "version_data" : [ - { - "version_value" : "7.6 LR1" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Clickjacking" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-8972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Matrix Operating Environment", + "version": { + "version_data": [ + { + "version_value": "7.6 LR1" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us" - }, - { - "name" : "101938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101938" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12201.json b/2018/12xxx/CVE-2018-12201.json index 391afc090b2..61b1f5b547e 100644 --- a/2018/12xxx/CVE-2018-12201.json +++ b/2018/12xxx/CVE-2018-12201.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Platform Sample / Silicon Reference firmware", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Platform Sample / Silicon Reference firmware", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12487.json b/2018/12xxx/CVE-2018-12487.json index 8391d005e31..2076ef0e109 100644 --- a/2018/12xxx/CVE-2018-12487.json +++ b/2018/12xxx/CVE-2018-12487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12550.json b/2018/12xxx/CVE-2018-12550.json index f651cb521fb..6b1c6f639db 100644 --- a/2018/12xxx/CVE-2018-12550.json +++ b/2018/12xxx/CVE-2018-12550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12689.json b/2018/12xxx/CVE-2018-12689.json index 8c737e64749..c7299af5f9c 100644 --- a/2018/12xxx/CVE-2018-12689.json +++ b/2018/12xxx/CVE-2018-12689.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44926", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44926/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44926", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44926/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12727.json b/2018/12xxx/CVE-2018-12727.json index 136154eae0f..b711b2b843d 100644 --- a/2018/12xxx/CVE-2018-12727.json +++ b/2018/12xxx/CVE-2018-12727.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12968.json b/2018/12xxx/CVE-2018-12968.json index 53b93acc0fd..41af8427943 100644 --- a/2018/12xxx/CVE-2018-12968.json +++ b/2018/12xxx/CVE-2018-12968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12968", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12968", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13070.json b/2018/13xxx/CVE-2018-13070.json index ecd614ea135..f44db9dac24 100644 --- a/2018/13xxx/CVE-2018-13070.json +++ b/2018/13xxx/CVE-2018-13070.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13331.json b/2018/13xxx/CVE-2018-13331.json index ee7323c298e..1512c078060 100644 --- a/2018/13xxx/CVE-2018-13331.json +++ b/2018/13xxx/CVE-2018-13331.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13398.json b/2018/13xxx/CVE-2018-13398.json index a5d4304b19a..a8035ed7f73 100644 --- a/2018/13xxx/CVE-2018-13398.json +++ b/2018/13xxx/CVE-2018-13398.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-09-17T00:00:00", - "ID" : "CVE-2018-13398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "4.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-09-17T00:00:00", + "ID": "CVE-2018-13398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8312", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8312" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7100", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/FE-7100", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7100" + }, + { + "name": "https://jira.atlassian.com/browse/CRUC-8312", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8312" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13735.json b/2018/13xxx/CVE-2018-13735.json index 34fe91625c6..d7e16136c7b 100644 --- a/2018/13xxx/CVE-2018-13735.json +++ b/2018/13xxx/CVE-2018-13735.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13890.json b/2018/13xxx/CVE-2018-13890.json index f83fb9f89b1..3ea6658cb52 100644 --- a/2018/13xxx/CVE-2018-13890.json +++ b/2018/13xxx/CVE-2018-13890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13890", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16162.json b/2018/16xxx/CVE-2018-16162.json index 8742a2985e5..7a8f9d83f12 100755 --- a/2018/16xxx/CVE-2018-16162.json +++ b/2018/16xxx/CVE-2018-16162.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenDolphin", - "version" : { - "version_data" : [ - { - "version_value" : "2.7.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Life Sciences Computing Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenDolphin", + "version": { + "version_data": [ + { + "version_value": "2.7.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Life Sciences Computing Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opendolphin.com/security20181023.html", - "refsource" : "MISC", - "url" : "http://www.opendolphin.com/security20181023.html" - }, - { - "name" : "JVN#59394343", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN59394343/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#59394343", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN59394343/index.html" + }, + { + "name": "http://www.opendolphin.com/security20181023.html", + "refsource": "MISC", + "url": "http://www.opendolphin.com/security20181023.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16300.json b/2018/16xxx/CVE-2018-16300.json index df10bfebe2d..6a122ad0129 100644 --- a/2018/16xxx/CVE-2018-16300.json +++ b/2018/16xxx/CVE-2018-16300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16963.json b/2018/16xxx/CVE-2018-16963.json index 4983ade454c..9944a765512 100644 --- a/2018/16xxx/CVE-2018-16963.json +++ b/2018/16xxx/CVE-2018-16963.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16963", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16963", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17343.json b/2018/17xxx/CVE-2018-17343.json index f4d1742a1b9..40223ee821c 100644 --- a/2018/17xxx/CVE-2018-17343.json +++ b/2018/17xxx/CVE-2018-17343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17381.json b/2018/17xxx/CVE-2018-17381.json index 5be9acd4247..daed0610e62 100644 --- a/2018/17xxx/CVE-2018-17381.json +++ b/2018/17xxx/CVE-2018-17381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4320.json b/2018/4xxx/CVE-2018-4320.json index 747e1780d47..4287bac4b14 100644 --- a/2018/4xxx/CVE-2018-4320.json +++ b/2018/4xxx/CVE-2018-4320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4625.json b/2018/4xxx/CVE-2018-4625.json index 30dd05cd745..bccb30fb8df 100644 --- a/2018/4xxx/CVE-2018-4625.json +++ b/2018/4xxx/CVE-2018-4625.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4625", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4625", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4836.json b/2018/4xxx/CVE-2018-4836.json index 944698abeb4..49fbf6c8434 100644 --- a/2018/4xxx/CVE-2018-4836.json +++ b/2018/4xxx/CVE-2018-4836.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-01-25T00:00:00", - "ID" : "CVE-2018-4836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TeleControl Server Basic", - "version" : { - "version_data" : [ - { - "version_value" : "All versions < V3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287: Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-01-25T00:00:00", + "ID": "CVE-2018-4836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TeleControl Server Basic", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.1" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf" - }, - { - "name" : "102897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102897" - }, - { - "name" : "102904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf" + }, + { + "name": "102904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102904" + }, + { + "name": "102897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102897" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9851.json b/2019/9xxx/CVE-2019-9851.json new file mode 100644 index 00000000000..135542fb9b2 --- /dev/null +++ b/2019/9xxx/CVE-2019-9851.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9851", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file