From 3c06928fb77465118277285788cd0fab271e42ed Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:50:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0084.json | 170 ++++++++++---------- 2003/0xxx/CVE-2003-0845.json | 180 ++++++++++----------- 2003/1xxx/CVE-2003-1136.json | 190 +++++++++++----------- 2004/0xxx/CVE-2004-0302.json | 150 +++++++++--------- 2004/0xxx/CVE-2004-0698.json | 140 ++++++++--------- 2004/0xxx/CVE-2004-0824.json | 170 ++++++++++---------- 2004/0xxx/CVE-2004-0985.json | 150 +++++++++--------- 2004/2xxx/CVE-2004-2376.json | 140 ++++++++--------- 2004/2xxx/CVE-2004-2575.json | 160 +++++++++---------- 2004/2xxx/CVE-2004-2699.json | 180 ++++++++++----------- 2008/2xxx/CVE-2008-2158.json | 170 ++++++++++---------- 2008/2xxx/CVE-2008-2215.json | 150 +++++++++--------- 2008/2xxx/CVE-2008-2294.json | 150 +++++++++--------- 2008/2xxx/CVE-2008-2639.json | 230 +++++++++++++-------------- 2008/2xxx/CVE-2008-2692.json | 150 +++++++++--------- 2008/6xxx/CVE-2008-6290.json | 150 +++++++++--------- 2008/6xxx/CVE-2008-6388.json | 130 +++++++-------- 2012/1xxx/CVE-2012-1195.json | 160 +++++++++---------- 2012/1xxx/CVE-2012-1400.json | 120 +++++++------- 2012/1xxx/CVE-2012-1467.json | 130 +++++++-------- 2012/5xxx/CVE-2012-5494.json | 150 +++++++++--------- 2012/5xxx/CVE-2012-5509.json | 130 +++++++-------- 2012/5xxx/CVE-2012-5866.json | 150 +++++++++--------- 2012/5xxx/CVE-2012-5938.json | 130 +++++++-------- 2017/11xxx/CVE-2017-11715.json | 120 +++++++------- 2017/11xxx/CVE-2017-11775.json | 142 ++++++++--------- 2017/11xxx/CVE-2017-11798.json | 142 ++++++++--------- 2017/11xxx/CVE-2017-11933.json | 34 ++-- 2017/3xxx/CVE-2017-3276.json | 140 ++++++++--------- 2017/7xxx/CVE-2017-7076.json | 140 ++++++++--------- 2017/7xxx/CVE-2017-7533.json | 280 ++++++++++++++++----------------- 2017/7xxx/CVE-2017-7904.json | 34 ++-- 2018/10xxx/CVE-2018-10011.json | 34 ++-- 2018/10xxx/CVE-2018-10732.json | 130 +++++++-------- 2018/10xxx/CVE-2018-10907.json | 190 +++++++++++----------- 2018/12xxx/CVE-2018-12757.json | 140 ++++++++--------- 2018/12xxx/CVE-2018-12772.json | 140 ++++++++--------- 2018/12xxx/CVE-2018-12971.json | 120 +++++++------- 2018/13xxx/CVE-2018-13375.json | 34 ++-- 2018/13xxx/CVE-2018-13417.json | 130 +++++++-------- 2018/13xxx/CVE-2018-13593.json | 130 +++++++-------- 2018/13xxx/CVE-2018-13760.json | 130 +++++++-------- 2018/13xxx/CVE-2018-13834.json | 34 ++-- 2018/13xxx/CVE-2018-13997.json | 120 +++++++------- 2018/17xxx/CVE-2018-17006.json | 120 +++++++------- 2018/17xxx/CVE-2018-17178.json | 120 +++++++------- 2018/17xxx/CVE-2018-17432.json | 120 +++++++------- 2018/17xxx/CVE-2018-17844.json | 34 ++-- 48 files changed, 3244 insertions(+), 3244 deletions(-) diff --git a/2003/0xxx/CVE-2003-0084.json b/2003/0xxx/CVE-2003-0084.json index f525b034d78..65bc6e86655 100644 --- a/2003/0xxx/CVE-2003-0084.json +++ b/2003/0xxx/CVE-2003-0084.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:113", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-113.html" - }, - { - "name" : "RHSA-2003:114", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2003-114.html" - }, - { - "name" : "http://www.itlab.musc.edu/webNIS/mod_auth_any.html", - "refsource" : "CONFIRM", - "url" : "http://www.itlab.musc.edu/webNIS/mod_auth_any.html" - }, - { - "name" : "N-090", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-090.shtml" - }, - { - "name" : "7448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7448" - }, - { - "name" : "modauthany-command-execution(11893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html", + "refsource": "CONFIRM", + "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html" + }, + { + "name": "RHSA-2003:113", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html" + }, + { + "name": "RHSA-2003:114", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html" + }, + { + "name": "N-090", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml" + }, + { + "name": "7448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7448" + }, + { + "name": "modauthany-command-execution(11893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0845.json b/2003/0xxx/CVE-2003-0845.json index 4e43e96df8d..54250d6120d 100644 --- a/2003/0xxx/CVE-2003-0845.json +++ b/2003/0xxx/CVE-2003-0845.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031005 JBoss 3.2.1: Remote Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106546044416498&w=2" - }, - { - "name" : "20031006 Update JBoss 308 & 321: Remote Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106547728803252&w=2" - }, - { - "name" : "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866" - }, - { - "name" : "RHSA-2007:1048", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1048.html" - }, - { - "name" : "8773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8773" - }, - { - "name" : "oval:org.mitre.oval:def:11300", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300" - }, - { - "name" : "27914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8773" + }, + { + "name": "20031005 JBoss 3.2.1: Remote Command Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106546044416498&w=2" + }, + { + "name": "27914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27914" + }, + { + "name": "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866" + }, + { + "name": "oval:org.mitre.oval:def:11300", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300" + }, + { + "name": "20031006 Update JBoss 308 & 321: Remote Command Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106547728803252&w=2" + }, + { + "name": "RHSA-2007:1048", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1136.json b/2003/1xxx/CVE-2003-1136.json index 8a7603c834b..029a2a61616 100644 --- a/2003/1xxx/CVE-2003-1136.json +++ b/2003/1xxx/CVE-2003-1136.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031026 New Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342475" - }, - { - "name" : "8895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8895" - }, - { - "name" : "8896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8896" - }, - { - "name" : "2718", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2718" - }, - { - "name" : "1008006", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008006" - }, - { - "name" : "10080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10080" - }, - { - "name" : "guestbook-html-xss(13522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13522" - }, - { - "name" : "guestbook-doublequotation-xss(13523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008006", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008006" + }, + { + "name": "guestbook-html-xss(13522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13522" + }, + { + "name": "guestbook-doublequotation-xss(13523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13523" + }, + { + "name": "2718", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2718" + }, + { + "name": "8896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8896" + }, + { + "name": "20031026 New Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342475" + }, + { + "name": "10080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10080" + }, + { + "name": "8895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8895" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0302.json b/2004/0xxx/CVE-2004-0302.json index 94d34af226e..6a69d7c2e2c 100644 --- a/2004/0xxx/CVE-2004-0302.json +++ b/2004/0xxx/CVE-2004-0302.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040218 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107712123305706&w=2" - }, - { - "name" : "http://www.zone-h.org/en/advisories/read/id=3973/", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/en/advisories/read/id=3973/" - }, - { - "name" : "owls-file-retrieval(15249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15249" - }, - { - "name" : "9689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040218 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107712123305706&w=2" + }, + { + "name": "owls-file-retrieval(15249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15249" + }, + { + "name": "http://www.zone-h.org/en/advisories/read/id=3973/", + "refsource": "MISC", + "url": "http://www.zone-h.org/en/advisories/read/id=3973/" + }, + { + "name": "9689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9689" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0698.json b/2004/0xxx/CVE-2004-0698.json index 2ac30dd9b4f..0d5268493f9 100644 --- a/2004/0xxx/CVE-2004-0698.json +++ b/2004/0xxx/CVE-2004-0698.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A071304-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a071304-1.txt" - }, - { - "name" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt", - "refsource" : "MISC", - "url" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt" - }, - { - "name" : "4dwebstar-symlink(16689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A071304-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a071304-1.txt" + }, + { + "name": "4dwebstar-symlink(16689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16689" + }, + { + "name": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt", + "refsource": "MISC", + "url": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0824.json b/2004/0xxx/CVE-2004-0824.json index cc188541e0f..0e68bfe3843 100644 --- a/2004/0xxx/CVE-2004-0824.json +++ b/2004/0xxx/CVE-2004-0824.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-09-07", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/advisories/7148" - }, - { - "name" : "ESB-2004.0559", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4363" - }, - { - "name" : "O-212", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-212.shtml" - }, - { - "name" : "11139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11139" - }, - { - "name" : "1011175", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011175" - }, - { - "name" : "macosx-pppdialer-symlink(17298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-pppdialer-symlink(17298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17298" + }, + { + "name": "1011175", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011175" + }, + { + "name": "ESB-2004.0559", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4363" + }, + { + "name": "11139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11139" + }, + { + "name": "APPLE-SA-2004-09-07", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/advisories/7148" + }, + { + "name": "O-212", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0985.json b/2004/0xxx/CVE-2004-0985.json index 88890b6feeb..4109f1921f0 100644 --- a/2004/0xxx/CVE-2004-0985.json +++ b/2004/0xxx/CVE-2004-0985.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=109828076802478&w=2" - }, - { - "name" : "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109830296130857&w=2" - }, - { - "name" : "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109829111200055&w=2" - }, - { - "name" : "ie-anchorclick-command-execution(17824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109830296130857&w=2" + }, + { + "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=109828076802478&w=2" + }, + { + "name": "ie-anchorclick-command-execution(17824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" + }, + { + "name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109829111200055&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2376.json b/2004/2xxx/CVE-2004-2376.json index 308fac0b3e6..1da41d0f419 100644 --- a/2004/2xxx/CVE-2004-2376.json +++ b/2004/2xxx/CVE-2004-2376.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/TW-webserver/TWwebserver.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/TW-webserver/TWwebserver.txt" - }, - { - "name" : "1009443", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Mar/1009443.html" - }, - { - "name" : "twilight-postfile-attfile-bo(15515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.lycos.co.uk/r34ct/main/TW-webserver/TWwebserver.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/TW-webserver/TWwebserver.txt" + }, + { + "name": "1009443", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Mar/1009443.html" + }, + { + "name": "twilight-postfile-attfile-bo(15515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15515" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2575.json b/2004/2xxx/CVE-2004-2575.json index 0ad27460233..8d6cda0e48a 100644 --- a/2004/2xxx/CVE-2004-2575.json +++ b/2004/2xxx/CVE-2004-2575.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478" - }, - { - "name" : "7601", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7601" - }, - { - "name" : "7602", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7602" - }, - { - "name" : "7603", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7603" - }, - { - "name" : "7604", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7602", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7602" + }, + { + "name": "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478" + }, + { + "name": "7604", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7604" + }, + { + "name": "7601", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7601" + }, + { + "name": "7603", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7603" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2699.json b/2004/2xxx/CVE-2004-2699.json index c32f3b660cb..f320ccd3a8e 100644 --- a/2004/2xxx/CVE-2004-2699.json +++ b/2004/2xxx/CVE-2004-2699.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/365559" - }, - { - "name" : "20040609 Advisory: ASPDOTNETSTOREFRONT Improper Session Validation", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0235.html" - }, - { - "name" : "10506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10506" - }, - { - "name" : "6958", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6958" - }, - { - "name" : "11839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11839" - }, - { - "name" : "3206", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3206" - }, - { - "name" : "aspdotnetstorefront-improper-validation(16377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040609 Advisory: ASPDOTNETSTOREFRONT Improper Session Validation", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0235.html" + }, + { + "name": "aspdotnetstorefront-improper-validation(16377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16377" + }, + { + "name": "6958", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6958" + }, + { + "name": "20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/365559" + }, + { + "name": "11839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11839" + }, + { + "name": "10506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10506" + }, + { + "name": "3206", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3206" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2158.json b/2008/2xxx/CVE-2008-2158.json index 8272fbcbdca..6d6c6800904 100644 --- a/2008/2xxx/CVE-2008-2158.json +++ b/2008/2xxx/CVE-2008-2158.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080527 EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=702" - }, - { - "name" : "29399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29399" - }, - { - "name" : "ADV-2008-1670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1670" - }, - { - "name" : "1020115", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020115" - }, - { - "name" : "30410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30410" - }, - { - "name" : "alphastor-commandline-bo(42669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080527 EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=702" + }, + { + "name": "1020115", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020115" + }, + { + "name": "30410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30410" + }, + { + "name": "29399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29399" + }, + { + "name": "ADV-2008-1670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1670" + }, + { + "name": "alphastor-commandline-bo(42669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42669" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2215.json b/2008/2xxx/CVE-2008-2215.json index ba529b27269..5c023c0a426 100644 --- a/2008/2xxx/CVE-2008-2215.json +++ b/2008/2xxx/CVE-2008-2215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5523", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5523" - }, - { - "name" : "28991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28991" - }, - { - "name" : "30015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30015" - }, - { - "name" : "pbcs-filename-directory-traversal(42106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5523", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5523" + }, + { + "name": "28991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28991" + }, + { + "name": "pbcs-filename-directory-traversal(42106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42106" + }, + { + "name": "30015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30015" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2294.json b/2008/2xxx/CVE-2008-2294.json index 607a5793979..477faf450b4 100644 --- a/2008/2xxx/CVE-2008-2294.json +++ b/2008/2xxx/CVE-2008-2294.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for \"admin.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5627", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5627" - }, - { - "name" : "29252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29252" - }, - { - "name" : "30254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30254" - }, - { - "name" : "pgms-useradded-security-bypass(42466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for \"admin.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30254" + }, + { + "name": "pgms-useradded-security-bypass(42466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42466" + }, + { + "name": "5627", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5627" + }, + { + "name": "29252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29252" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2639.json b/2008/2xxx/CVE-2008-2639.json index 4098728940b..6ea935ac4d5 100644 --- a/2008/2xxx/CVE-2008-2639.json +++ b/2008/2xxx/CVE-2008-2639.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 CORE-2008-0125: CitectSCADA ODBC service vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493272/100/0/threaded" - }, - { - "name" : "6387", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6387" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=4556", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=4556" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2186", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2186" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/CTAR-7ENQNH", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/CTAR-7ENQNH" - }, - { - "name" : "VU#476345", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/476345" - }, - { - "name" : "29634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29634" - }, - { - "name" : "ADV-2008-1834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1834/references" - }, - { - "name" : "1020241", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020241" - }, - { - "name" : "30638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30638" - }, - { - "name" : "3944", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3944" - }, - { - "name" : "citectscada-odbc-bo(42992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1834/references" + }, + { + "name": "http://www.kb.cert.org/vuls/id/CTAR-7ENQNH", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/CTAR-7ENQNH" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2186", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2186" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=4556", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=4556" + }, + { + "name": "30638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30638" + }, + { + "name": "1020241", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020241" + }, + { + "name": "6387", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6387" + }, + { + "name": "VU#476345", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/476345" + }, + { + "name": "29634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29634" + }, + { + "name": "20080611 CORE-2008-0125: CitectSCADA ODBC service vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493272/100/0/threaded" + }, + { + "name": "3944", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3944" + }, + { + "name": "citectscada-odbc-bo(42992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42992" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2692.json b/2008/2xxx/CVE-2008-2692.json index d2b00253344..d46d8297a1a 100644 --- a/2008/2xxx/CVE-2008-2692.json +++ b/2008/2xxx/CVE-2008-2692.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5755", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5755" - }, - { - "name" : "29596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29596" - }, - { - "name" : "30567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30567" - }, - { - "name" : "yvcomment-index-sql-injection(42920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yvcomment-index-sql-injection(42920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42920" + }, + { + "name": "30567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30567" + }, + { + "name": "29596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29596" + }, + { + "name": "5755", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5755" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6290.json b/2008/6xxx/CVE-2008-6290.json index 2a597a5d0f6..8f9840563da 100644 --- a/2008/6xxx/CVE-2008-6290.json +++ b/2008/6xxx/CVE-2008-6290.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6990" - }, - { - "name" : "32111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32111" - }, - { - "name" : "32556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32556" - }, - { - "name" : "sitoincludefile-includefile-file-include(46338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6990" + }, + { + "name": "32556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32556" + }, + { + "name": "32111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32111" + }, + { + "name": "sitoincludefile-includefile-file-include(46338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46338" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6388.json b/2008/6xxx/CVE-2008-6388.json index e0f1a3fbe2e..de4810f4e52 100644 --- a/2008/6xxx/CVE-2008-6388.json +++ b/2008/6xxx/CVE-2008-6388.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7324", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7324" - }, - { - "name" : "rapidclassified-cldb-info-disclosure(47016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rapidclassified-cldb-info-disclosure(47016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47016" + }, + { + "name": "7324", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7324" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1195.json b/2012/1xxx/CVE-2012-1195.json index 180af968154..2da0194cafc 100644 --- a/2012/1xxx/CVE-2012-1195.json +++ b/2012/1xxx/CVE-2012-1195.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "52023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52023" - }, - { - "name" : "79276", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79276" - }, - { - "name" : "1026693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026693" - }, - { - "name" : "47666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47666" - }, - { - "name" : "thinkmanagement-serversetup-file-upload(73207)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79276", + "refsource": "OSVDB", + "url": "http://osvdb.org/79276" + }, + { + "name": "1026693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026693" + }, + { + "name": "52023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52023" + }, + { + "name": "thinkmanagement-serversetup-file-upload(73207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73207" + }, + { + "name": "47666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47666" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1400.json b/2012/1xxx/CVE-2012-1400.json index 09b5a965f8b..2e561b743bd 100644 --- a/2012/1xxx/CVE-2012-1400.json +++ b/2012/1xxx/CVE-2012-1400.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1400-vulnerability-in-U%2BBoxPad.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1400-vulnerability-in-U%2BBoxPad.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1400-vulnerability-in-U%2BBoxPad.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1400-vulnerability-in-U%2BBoxPad.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1467.json b/2012/1xxx/CVE-2012-1467.json index 83fff41b18c..46ab059ab47 100644 --- a/2012/1xxx/CVE-2012-1467.json +++ b/2012/1xxx/CVE-2012-1467.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23079", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23079" - }, - { - "name" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", - "refsource" : "CONFIRM", - "url" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", + "refsource": "CONFIRM", + "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23079", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23079" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5494.json b/2012/5xxx/CVE-2012-5494.json index 384bbb0d7cb..1d1210600aa 100644 --- a/2012/5xxx/CVE-2012-5494.json +++ b/2012/5xxx/CVE-2012-5494.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to \"{u,}translate.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/10", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to \"{u,}translate.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/10", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/10" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5509.json b/2012/5xxx/CVE-2012-5509.json index 582b1e199b6..20b02194379 100644 --- a/2012/5xxx/CVE-2012-5509.json +++ b/2012/5xxx/CVE-2012-5509.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=875294", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=875294" - }, - { - "name" : "RHSA-2013:0545", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0545.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=875294", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875294" + }, + { + "name": "RHSA-2013:0545", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0545.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5866.json b/2012/5xxx/CVE-2012-5866.json index 1a5d89bdb5e..637a6d04fd8 100644 --- a/2012/5xxx/CVE-2012-5866.json +++ b/2012/5xxx/CVE-2012-5866.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23126", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23126" - }, - { - "name" : "56858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56858" - }, - { - "name" : "achievo-include-xss(80571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/118673/Achievo-1.4.5-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "achievo-include-xss(80571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80571" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23126", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23126" + }, + { + "name": "56858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56858" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5938.json b/2012/5xxx/CVE-2012-5938.json index c8fab2bd0fd..d9a7c549f79 100644 --- a/2012/5xxx/CVE-2012-5938.json +++ b/2012/5xxx/CVE-2012-5938.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21628844", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21628844" - }, - { - "name" : "infosphere-file-priv-esc(80493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "infosphere-file-priv-esc(80493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80493" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21628844", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21628844" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11715.json b/2017/11xxx/CVE-2017-11715.json index 4fc9ba860be..37167b50b6a 100644 --- a/2017/11xxx/CVE-2017-11715.json +++ b/2017/11xxx/CVE-2017-11715.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lncken.cn/?p=316", - "refsource" : "MISC", - "url" : "https://lncken.cn/?p=316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lncken.cn/?p=316", + "refsource": "MISC", + "url": "https://lncken.cn/?p=316" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11775.json b/2017/11xxx/CVE-2017-11775.json index 33f5678e579..b480d53035a 100644 --- a/2017/11xxx/CVE-2017-11775.json +++ b/2017/11xxx/CVE-2017-11775.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint Enterprise Server", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka \"Microsoft Office SharePoint XSS Vulnerability\". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775" - }, - { - "name" : "101105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101105" - }, - { - "name" : "1039540", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka \"Microsoft Office SharePoint XSS Vulnerability\". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101105" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775" + }, + { + "name": "1039540", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039540" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11798.json b/2017/11xxx/CVE-2017-11798.json index a45839f9e19..5d96793e222 100644 --- a/2017/11xxx/CVE-2017-11798.json +++ b/2017/11xxx/CVE-2017-11798.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11798", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11798" - }, - { - "name" : "101125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101125" - }, - { - "name" : "1039529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101125" + }, + { + "name": "1039529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039529" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11798", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11798" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11933.json b/2017/11xxx/CVE-2017-11933.json index dd9d6f42a2d..75e962ab08b 100644 --- a/2017/11xxx/CVE-2017-11933.json +++ b/2017/11xxx/CVE-2017-11933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11933", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11933", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3276.json b/2017/3xxx/CVE-2017-3276.json index e4a169b7657..f1fb62533f4 100644 --- a/2017/3xxx/CVE-2017-3276.json +++ b/2017/3xxx/CVE-2017-3276.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS v3.0 Base Score 5.7 (Integrity and Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95544" - }, - { - "name" : "1037641", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS v3.0 Base Score 5.7 (Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95544" + }, + { + "name": "1037641", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037641" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7076.json b/2017/7xxx/CVE-2017-7076.json index 0b3bf0206da..43830a2d1fd 100644 --- a/2017/7xxx/CVE-2017-7076.json +++ b/2017/7xxx/CVE-2017-7076.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the \"ld64\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208103", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208103" - }, - { - "name" : "100894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100894" - }, - { - "name" : "1039386", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the \"ld64\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100894" + }, + { + "name": "https://support.apple.com/HT208103", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208103" + }, + { + "name": "1039386", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039386" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7533.json b/2017/7xxx/CVE-2017-7533.json index efc98326155..976700b8faf 100644 --- a/2017/7xxx/CVE-2017-7533.json +++ b/2017/7xxx/CVE-2017-7533.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel through 4.12.4", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel through 4.12.4" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "race condition" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel through 4.12.4", + "version": { + "version_data": [ + { + "version_value": "Linux kernel through 4.12.4" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/08/03/2", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/08/03/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1468283", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1468283" - }, - { - "name" : "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e" - }, - { - "name" : "https://patchwork.kernel.org/patch/9755753/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/9755753/" - }, - { - "name" : "https://patchwork.kernel.org/patch/9755757/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/9755757/" - }, - { - "name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html", - "refsource" : "MISC", - "url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "DSA-3927", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3927" - }, - { - "name" : "DSA-3945", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3945" - }, - { - "name" : "RHSA-2017:2869", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2869" - }, - { - "name" : "RHSA-2017:2770", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2770" - }, - { - "name" : "RHSA-2017:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2669" - }, - { - "name" : "RHSA-2017:2473", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2473" - }, - { - "name" : "RHSA-2017:2585", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2585" - }, - { - "name" : "100123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100123" - }, - { - "name" : "1039075", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "race condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3927", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3927" + }, + { + "name": "https://patchwork.kernel.org/patch/9755757/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/9755757/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283" + }, + { + "name": "100123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100123" + }, + { + "name": "RHSA-2017:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2669" + }, + { + "name": "RHSA-2017:2473", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2473" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/08/03/2", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/08/03/2" + }, + { + "name": "RHSA-2017:2585", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2585" + }, + { + "name": "https://patchwork.kernel.org/patch/9755753/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/9755753/" + }, + { + "name": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e" + }, + { + "name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html" + }, + { + "name": "DSA-3945", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3945" + }, + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "1039075", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039075" + }, + { + "name": "RHSA-2017:2770", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2770" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e" + }, + { + "name": "RHSA-2017:2869", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2869" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7904.json b/2017/7xxx/CVE-2017-7904.json index 000d3c76cc0..15f6a54d625 100644 --- a/2017/7xxx/CVE-2017-7904.json +++ b/2017/7xxx/CVE-2017-7904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7904", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7904", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10011.json b/2018/10xxx/CVE-2018-10011.json index 67d86e36345..c4837db49c1 100644 --- a/2018/10xxx/CVE-2018-10011.json +++ b/2018/10xxx/CVE-2018-10011.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10732.json b/2018/10xxx/CVE-2018-10732.json index dd41e4a0699..d7d77d30134 100644 --- a/2018/10xxx/CVE-2018-10732.json +++ b/2018/10xxx/CVE-2018-10732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security", - "refsource" : "MISC", - "url" : "https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security" - }, - { - "name" : "https://github.com/alt3kx/CVE-2018-10732", - "refsource" : "MISC", - "url" : "https://github.com/alt3kx/CVE-2018-10732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/alt3kx/CVE-2018-10732", + "refsource": "MISC", + "url": "https://github.com/alt3kx/CVE-2018-10732" + }, + { + "name": "https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security", + "refsource": "MISC", + "url": "https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10907.json b/2018/10xxx/CVE-2018-10907.json index 10c9d867a0e..6af00294ecd 100644 --- a/2018/10xxx/CVE-2018-10907.json +++ b/2018/10xxx/CVE-2018-10907.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907" - }, - { - "name" : "https://review.gluster.org/#/c/glusterfs/+/21070/", - "refsource" : "CONFIRM", - "url" : "https://review.gluster.org/#/c/glusterfs/+/21070/" - }, - { - "name" : "RHSA-2018:2607", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2607" - }, - { - "name" : "RHSA-2018:2608", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2608" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://review.gluster.org/#/c/glusterfs/+/21070/", + "refsource": "CONFIRM", + "url": "https://review.gluster.org/#/c/glusterfs/+/21070/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907" + }, + { + "name": "RHSA-2018:2607", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2607" + }, + { + "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" + }, + { + "name": "RHSA-2018:2608", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2608" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12757.json b/2018/12xxx/CVE-2018-12757.json index 3bd453a07d6..e6554698b03 100644 --- a/2018/12xxx/CVE-2018-12757.json +++ b/2018/12xxx/CVE-2018-12757.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12772.json b/2018/12xxx/CVE-2018-12772.json index 0fee88cccff..766734d6352 100644 --- a/2018/12xxx/CVE-2018-12772.json +++ b/2018/12xxx/CVE-2018-12772.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12971.json b/2018/12xxx/CVE-2018-12971.json index 7498fdc8694..37013466531 100644 --- a/2018/12xxx/CVE-2018-12971.json +++ b/2018/12xxx/CVE-2018-12971.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/teameasy/EasyCMS/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/teameasy/EasyCMS/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/teameasy/EasyCMS/issues/3", + "refsource": "MISC", + "url": "https://github.com/teameasy/EasyCMS/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13375.json b/2018/13xxx/CVE-2018-13375.json index 28c82d785e7..5cc0da6927a 100644 --- a/2018/13xxx/CVE-2018-13375.json +++ b/2018/13xxx/CVE-2018-13375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13417.json b/2018/13xxx/CVE-2018-13417.json index 7662445567a..384387dd3ed 100644 --- a/2018/13xxx/CVE-2018-13417.json +++ b/2018/13xxx/CVE-2018-13417.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45145", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45145/" - }, - { - "name" : "20180802 (CVE-2018-13417) Out-of-Band XXE in Vuze Bittorrent Client", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180802 (CVE-2018-13417) Out-of-Band XXE in Vuze Bittorrent Client", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/2" + }, + { + "name": "45145", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45145/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13593.json b/2018/13xxx/CVE-2018-13593.json index 0b360da8223..a4c4e562a28 100644 --- a/2018/13xxx/CVE-2018-13593.json +++ b/2018/13xxx/CVE-2018-13593.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CardToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CardToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CardToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CardToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13760.json b/2018/13xxx/CVE-2018-13760.json index d29f5e091cd..54fb1d460b0 100644 --- a/2018/13xxx/CVE-2018-13760.json +++ b/2018/13xxx/CVE-2018-13760.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13834.json b/2018/13xxx/CVE-2018-13834.json index 2fbf16a7817..cd586396a14 100644 --- a/2018/13xxx/CVE-2018-13834.json +++ b/2018/13xxx/CVE-2018-13834.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13834", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13834", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13997.json b/2018/13xxx/CVE-2018-13997.json index 412e7718cbf..925c9a92882 100644 --- a/2018/13xxx/CVE-2018-13997.json +++ b/2018/13xxx/CVE-2018-13997.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Genann through 2018-07-08 has a SEGV in genann_run in genann.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/codeplea/genann/issues/24#issuecomment-404429236", - "refsource" : "MISC", - "url" : "https://github.com/codeplea/genann/issues/24#issuecomment-404429236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Genann through 2018-07-08 has a SEGV in genann_run in genann.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/codeplea/genann/issues/24#issuecomment-404429236", + "refsource": "MISC", + "url": "https://github.com/codeplea/genann/issues/24#issuecomment-404429236" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17006.json b/2018/17xxx/CVE-2018-17006.json index 403dddced6a..b6bdf4f3e31 100644 --- a/2018/17xxx/CVE-2018-17006.json +++ b/2018/17xxx/CVE-2018-17006.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_02/README.md", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_02/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_02/README.md", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_02/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17178.json b/2018/17xxx/CVE-2018-17178.json index 7c5fb5c64ea..4048bc034ca 100644 --- a/2018/17xxx/CVE-2018-17178.json +++ b/2018/17xxx/CVE-2018-17178.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { \"message\" : \"invalid authorization header\" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners", - "refsource" : "MISC", - "url" : "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { \"message\" : \"invalid authorization header\" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners", + "refsource": "MISC", + "url": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17432.json b/2018/17xxx/CVE-2018-17432.json index 9175cb0e717..d581acb8389 100644 --- a/2018/17xxx/CVE-2018-17432.json +++ b/2018/17xxx/CVE-2018-17432.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode", - "refsource" : "MISC", - "url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode", + "refsource": "MISC", + "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17844.json b/2018/17xxx/CVE-2018-17844.json index 72eaace98bc..c288f1a070a 100644 --- a/2018/17xxx/CVE-2018-17844.json +++ b/2018/17xxx/CVE-2018-17844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file