From 3fb2e07ae46940aece87c1e9b664b10caa3a6388 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:04:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0669.json | 130 ++++++------- 2003/1xxx/CVE-2003-1364.json | 140 +++++++------- 2004/0xxx/CVE-2004-0089.json | 170 ++++++++--------- 2004/0xxx/CVE-2004-0291.json | 140 +++++++------- 2004/0xxx/CVE-2004-0306.json | 140 +++++++------- 2004/0xxx/CVE-2004-0580.json | 180 +++++++++--------- 2004/1xxx/CVE-2004-1083.json | 180 +++++++++--------- 2004/1xxx/CVE-2004-1688.json | 160 ++++++++-------- 2004/1xxx/CVE-2004-1877.json | 140 +++++++------- 2004/2xxx/CVE-2004-2106.json | 160 ++++++++-------- 2004/2xxx/CVE-2004-2257.json | 170 ++++++++--------- 2004/2xxx/CVE-2004-2320.json | 180 +++++++++--------- 2004/2xxx/CVE-2004-2395.json | 150 +++++++-------- 2008/2xxx/CVE-2008-2319.json | 34 ++-- 2008/2xxx/CVE-2008-2670.json | 160 ++++++++-------- 2008/6xxx/CVE-2008-6208.json | 140 +++++++------- 2008/6xxx/CVE-2008-6469.json | 150 +++++++-------- 2008/6xxx/CVE-2008-6938.json | 230 +++++++++++------------ 2012/1xxx/CVE-2012-1304.json | 34 ++-- 2012/1xxx/CVE-2012-1893.json | 140 +++++++------- 2012/1xxx/CVE-2012-1991.json | 34 ++-- 2012/5xxx/CVE-2012-5121.json | 170 ++++++++--------- 2012/5xxx/CVE-2012-5143.json | 150 +++++++-------- 2012/5xxx/CVE-2012-5278.json | 230 +++++++++++------------ 2012/5xxx/CVE-2012-5428.json | 34 ++-- 2012/5xxx/CVE-2012-5485.json | 160 ++++++++-------- 2012/5xxx/CVE-2012-5922.json | 34 ++-- 2017/11xxx/CVE-2017-11037.json | 34 ++-- 2017/11xxx/CVE-2017-11145.json | 230 +++++++++++------------ 2017/11xxx/CVE-2017-11643.json | 150 +++++++-------- 2017/11xxx/CVE-2017-11956.json | 34 ++-- 2017/15xxx/CVE-2017-15242.json | 120 ++++++------ 2017/15xxx/CVE-2017-15330.json | 120 ++++++------ 2017/15xxx/CVE-2017-15984.json | 120 ++++++------ 2017/3xxx/CVE-2017-3356.json | 180 +++++++++--------- 2017/8xxx/CVE-2017-8288.json | 160 ++++++++-------- 2017/8xxx/CVE-2017-8542.json | 140 +++++++------- 2018/10xxx/CVE-2018-10008.json | 34 ++-- 2018/10xxx/CVE-2018-10275.json | 34 ++-- 2018/12xxx/CVE-2018-12005.json | 34 ++-- 2018/12xxx/CVE-2018-12102.json | 130 ++++++------- 2018/12xxx/CVE-2018-12411.json | 328 ++++++++++++++++----------------- 2018/12xxx/CVE-2018-12516.json | 34 ++-- 2018/12xxx/CVE-2018-12593.json | 34 ++-- 2018/13xxx/CVE-2018-13474.json | 130 ++++++------- 2018/13xxx/CVE-2018-13480.json | 130 ++++++------- 2018/13xxx/CVE-2018-13553.json | 130 ++++++------- 2018/13xxx/CVE-2018-13718.json | 130 ++++++------- 2018/13xxx/CVE-2018-13739.json | 130 ++++++------- 2018/13xxx/CVE-2018-13900.json | 130 ++++++------- 2018/16xxx/CVE-2018-16262.json | 34 ++-- 2018/16xxx/CVE-2018-16326.json | 120 ++++++------ 2018/17xxx/CVE-2018-17939.json | 130 ++++++------- 2018/17xxx/CVE-2018-17982.json | 34 ++-- 54 files changed, 3377 insertions(+), 3377 deletions(-) diff --git a/2003/0xxx/CVE-2003-0669.json b/2003/0xxx/CVE-2003-0669.json index 969ee137b24..aa1cfdc02d5 100644 --- a/2003/0xxx/CVE-2003-0669.json +++ b/2003/0xxx/CVE-2003-0669.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via \"a rare race condition\" or an attack by local users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "47353", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47353" - }, - { - "name" : "oval:org.mitre.oval:def:4561", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via \"a rare race condition\" or an attack by local users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47353", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47353" + }, + { + "name": "oval:org.mitre.oval:def:4561", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4561" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1364.json b/2003/1xxx/CVE-2003-1364.json index 0d8364bff3d..44465ce43e5 100644 --- a/2003/1xxx/CVE-2003-1364.json +++ b/2003/1xxx/CVE-2003-1364.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030405 Abyss X1 1.1.2 remote crash", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0095.html" - }, - { - "name" : "7287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7287" - }, - { - "name" : "abyss-http-get-dos(11718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7287" + }, + { + "name": "20030405 Abyss X1 1.1.2 remote crash", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-04/0095.html" + }, + { + "name": "abyss-http-get-dos(11718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11718" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0089.json b/2004/0xxx/CVE-2004-0089.json index d47e76bde0c..b9cdfd6bd81 100644 --- a/2004/0xxx/CVE-2004-0089.json +++ b/2004/0xxx/CVE-2004-0089.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A012704-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a012704-1.txt" - }, - { - "name" : "APPLE-SA-2004-01-26", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" - }, - { - "name" : "VU#902374", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/902374" - }, - { - "name" : "9509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9509" - }, - { - "name" : "6821", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6821" - }, - { - "name" : "macosx-trublue-environmentvariable-bo(14968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-01-26", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" + }, + { + "name": "VU#902374", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/902374" + }, + { + "name": "macosx-trublue-environmentvariable-bo(14968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14968" + }, + { + "name": "6821", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6821" + }, + { + "name": "9509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9509" + }, + { + "name": "A012704-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a012704-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0291.json b/2004/0xxx/CVE-2004-0291.json index cf6418ab202..cddcfec25da 100644 --- a/2004/0xxx/CVE-2004-0291.json +++ b/2004/0xxx/CVE-2004-0291.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040216 Another YabbSE SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107696318522985&w=2" - }, - { - "name" : "9674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9674" - }, - { - "name" : "yabb-post-sql-injection(15224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040216 Another YabbSE SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107696318522985&w=2" + }, + { + "name": "yabb-post-sql-injection(15224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15224" + }, + { + "name": "9674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9674" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0306.json b/2004/0xxx/CVE-2004-0306.json index 8fbc93c0f83..076451c95f7 100644 --- a/2004/0xxx/CVE-2004-0306.json +++ b/2004/0xxx/CVE-2004-0306.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml" - }, - { - "name" : "cisco-ons-file-upload(15264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15264" - }, - { - "name" : "9699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml" + }, + { + "name": "9699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9699" + }, + { + "name": "cisco-ons-file-upload(15264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15264" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0580.json b/2004/0xxx/CVE-2004-0580.json index 9fc1f150710..28346673cc6 100644 --- a/2004/0xxx/CVE-2004-0580.json +++ b/2004/0xxx/CVE-2004-0580.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040607 Linksys BEFSR41 DHCP vulnerability server leaks network data", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108662876129301&w=2" - }, - { - "name" : "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832&p_%20\\created=1086294093&p_sid=pU1X1idh&p_lva=&p_sp=cF9zcmNoPSZwX3NvcnRfYnk9JnBfZ3JpZHNvcnQ9%20\\JnBfcm93X2NudD02NTQmcF9wYWdlPTE*&p_li=", - "refsource" : "CONFIRM", - "url" : "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832&p_%20\\created=1086294093&p_sid=pU1X1idh&p_lva=&p_sp=cF9zcmNoPSZwX3NvcnRfYnk9JnBfZ3JpZHNvcnQ9%20\\JnBfcm93X2NudD02NTQmcF9wYWdlPTE*&p_li=" - }, - { - "name" : "10329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10329" - }, - { - "name" : "6325", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6325" - }, - { - "name" : "1010288", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/May/1010288.html" - }, - { - "name" : "11606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11606" - }, - { - "name" : "linksys-etherfast-bootp-dos(16142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832&p_%20\\created=1086294093&p_sid=pU1X1idh&p_lva=&p_sp=cF9zcmNoPSZwX3NvcnRfYnk9JnBfZ3JpZHNvcnQ9%20\\JnBfcm93X2NudD02NTQmcF9wYWdlPTE*&p_li=", + "refsource": "CONFIRM", + "url": "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832&p_%20\\created=1086294093&p_sid=pU1X1idh&p_lva=&p_sp=cF9zcmNoPSZwX3NvcnRfYnk9JnBfZ3JpZHNvcnQ9%20\\JnBfcm93X2NudD02NTQmcF9wYWdlPTE*&p_li=" + }, + { + "name": "linksys-etherfast-bootp-dos(16142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16142" + }, + { + "name": "11606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11606" + }, + { + "name": "6325", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6325" + }, + { + "name": "1010288", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/May/1010288.html" + }, + { + "name": "20040607 Linksys BEFSR41 DHCP vulnerability server leaks network data", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108662876129301&w=2" + }, + { + "name": "10329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10329" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1083.json b/2004/1xxx/CVE-2004-1083.json index 58e067fd6c0..f40b6675395 100644 --- a/2004/1xxx/CVE-2004-1083.json +++ b/2004/1xxx/CVE-2004-1083.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with \".ht\" using alternate capitalization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-12-02", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "P-049", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-049.shtml" - }, - { - "name" : "11802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11802" - }, - { - "name" : "13362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13362/" - }, - { - "name" : "apache-hfs-file-disclosure(18348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with \".ht\" using alternate capitalization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11802" + }, + { + "name": "13362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13362/" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2004-12-02", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" + }, + { + "name": "apache-hfs-file-disclosure(18348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18348" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "P-049", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-049.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1688.json b/2004/1xxx/CVE-2004-1688.json index 21b1f299b3f..2c039b3298f 100644 --- a/2004/1xxx/CVE-2004-1688.json +++ b/2004/1xxx/CVE-2004-1688.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 Freeze in Pigeon Server 3.02.0143", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109543366631724&w=2" - }, - { - "name" : "20040916 Freeze in Pigeon Server 3.02.0143", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026515.html" - }, - { - "name" : "11203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11203" - }, - { - "name" : "12585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12585" - }, - { - "name" : "pigeon-server-dos(17427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040916 Freeze in Pigeon Server 3.02.0143", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026515.html" + }, + { + "name": "12585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12585" + }, + { + "name": "11203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11203" + }, + { + "name": "pigeon-server-dos(17427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17427" + }, + { + "name": "20040916 Freeze in Pigeon Server 3.02.0143", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109543366631724&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1877.json b/2004/1xxx/CVE-2004-1877.json index dffaa1a9381..63a1b2d9327 100644 --- a/2004/1xxx/CVE-2004-1877.json +++ b/2004/1xxx/CVE-2004-1877.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040330 Problem with customized login pages for Oracle SSO", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108067040722235&w=2" - }, - { - "name" : "10009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10009" - }, - { - "name" : "oracle-sso-login-spoofing(15676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040330 Problem with customized login pages for Oracle SSO", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108067040722235&w=2" + }, + { + "name": "10009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10009" + }, + { + "name": "oracle-sso-login-spoofing(15676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15676" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2106.json b/2004/2xxx/CVE-2004-2106.json index 79e89034bc2..1e48a7607b3 100644 --- a/2004/2xxx/CVE-2004-2106.json +++ b/2004/2xxx/CVE-2004-2106.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040123 NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107487862304440&w=2" - }, - { - "name" : "13402", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13402" - }, - { - "name" : "13403", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13403" - }, - { - "name" : "13404", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13404" - }, - { - "name" : "netware-enterprise-directory-disclosure(21749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netware-enterprise-directory-disclosure(21749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21749" + }, + { + "name": "13404", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13404" + }, + { + "name": "20040123 NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107487862304440&w=2" + }, + { + "name": "13403", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13403" + }, + { + "name": "13402", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13402" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2257.json b/2004/2xxx/CVE-2004-2257.json index 10c1d7c9cc3..e5e01a9ecde 100644 --- a/2004/2xxx/CVE-2004-2257.json +++ b/2004/2xxx/CVE-2004-2257.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyfaq.de/advisory_2004-07-27.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2004-07-27.php" - }, - { - "name" : "10813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10813" - }, - { - "name" : "8240", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8240" - }, - { - "name" : "1010795", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010795" - }, - { - "name" : "12085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12085" - }, - { - "name" : "phpmyfaq-authentication-bypass(16814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8240", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8240" + }, + { + "name": "1010795", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010795" + }, + { + "name": "12085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12085" + }, + { + "name": "phpmyfaq-authentication-bypass(16814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2004-07-27.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" + }, + { + "name": "10813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10813" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2320.json b/2004/2xxx/CVE-2004-2320.json index 74490a16798..11b29d20e98 100644 --- a/2004/2xxx/CVE-2004-2320.json +++ b/2004/2xxx/CVE-2004-2320.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA04-48.01", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/68" - }, - { - "name" : "VU#867593", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/867593" - }, - { - "name" : "9506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9506" - }, - { - "name" : "3726", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3726" - }, - { - "name" : "1008866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Jan/1008866.html" - }, - { - "name" : "10726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10726" - }, - { - "name" : "weblogic-trace-xss(14959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblogic-trace-xss(14959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14959" + }, + { + "name": "VU#867593", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/867593" + }, + { + "name": "BEA04-48.01", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/68" + }, + { + "name": "9506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9506" + }, + { + "name": "10726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10726" + }, + { + "name": "1008866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Jan/1008866.html" + }, + { + "name": "3726", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3726" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2395.json b/2004/2xxx/CVE-2004-2395.json index e4e79ff8977..6f85c3b005a 100644 --- a/2004/2xxx/CVE-2004-2395.json +++ b/2004/2xxx/CVE-2004-2395.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060" - }, - { - "name" : "MDKSA-2004:045", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:045" - }, - { - "name" : "10370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10370" - }, - { - "name" : "passwd-memory-leak(16180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10370" + }, + { + "name": "MDKSA-2004:045", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:045" + }, + { + "name": "passwd-memory-leak(16180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16180" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2319.json b/2008/2xxx/CVE-2008-2319.json index 520056d4630..53b12e9edc0 100644 --- a/2008/2xxx/CVE-2008-2319.json +++ b/2008/2xxx/CVE-2008-2319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2670.json b/2008/2xxx/CVE-2008-2670.json index 4a4a6967ef7..0870aa87c39 100644 --- a/2008/2xxx/CVE-2008-2670.json +++ b/2008/2xxx/CVE-2008-2670.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080610 [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493224/100/0/threaded" - }, - { - "name" : "5774", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5774" - }, - { - "name" : "http://chroot.org/exploits/chroot_uu_010", - "refsource" : "MISC", - "url" : "http://chroot.org/exploits/chroot_uu_010" - }, - { - "name" : "29630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29630" - }, - { - "name" : "3938", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080610 [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493224/100/0/threaded" + }, + { + "name": "5774", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5774" + }, + { + "name": "http://chroot.org/exploits/chroot_uu_010", + "refsource": "MISC", + "url": "http://chroot.org/exploits/chroot_uu_010" + }, + { + "name": "29630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29630" + }, + { + "name": "3938", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3938" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6208.json b/2008/6xxx/CVE-2008-6208.json index 6238c04cf52..dfdc3d1d331 100644 --- a/2008/6xxx/CVE-2008-6208.json +++ b/2008/6xxx/CVE-2008-6208.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html", - "refsource" : "MISC", - "url" : "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" - }, - { - "name" : "28982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28982" - }, - { - "name" : "e107-submitnews-xss(42248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "e107-submitnews-xss(42248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42248" + }, + { + "name": "28982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28982" + }, + { + "name": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html", + "refsource": "MISC", + "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28982.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6469.json b/2008/6xxx/CVE-2008-6469.json index b1e3403c8ad..f2263c55388 100644 --- a/2008/6xxx/CVE-2008-6469.json +++ b/2008/6xxx/CVE-2008-6469.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6503", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6503" - }, - { - "name" : "31275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31275" - }, - { - "name" : "48436", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48436" - }, - { - "name" : "31952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48436", + "refsource": "OSVDB", + "url": "http://osvdb.org/48436" + }, + { + "name": "31952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31952" + }, + { + "name": "6503", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6503" + }, + { + "name": "31275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31275" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6938.json b/2008/6xxx/CVE-2008-6938.json index 64902c17bb8..ded48d419c2 100644 --- a/2008/6xxx/CVE-2008-6938.json +++ b/2008/6xxx/CVE-2008-6938.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\\users.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081122 Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498575" - }, - { - "name" : "20081122 Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html" - }, - { - "name" : "20081124 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498602" - }, - { - "name" : "20081130 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498770" - }, - { - "name" : "20081201 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498771" - }, - { - "name" : "20081203 Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498865" - }, - { - "name" : "7109", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7109" - }, - { - "name" : "32287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32287" - }, - { - "name" : "49998", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/49998" - }, - { - "name" : "49999", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/49999" - }, - { - "name" : "32696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32696" - }, - { - "name" : "pi3web-isapi-dos(46600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\\users.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081201 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498771" + }, + { + "name": "49999", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/49999" + }, + { + "name": "32287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32287" + }, + { + "name": "20081122 Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498575" + }, + { + "name": "20081130 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498770" + }, + { + "name": "20081124 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498602" + }, + { + "name": "20081122 Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html" + }, + { + "name": "32696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32696" + }, + { + "name": "pi3web-isapi-dos(46600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46600" + }, + { + "name": "49998", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/49998" + }, + { + "name": "20081203 Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498865" + }, + { + "name": "7109", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7109" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1304.json b/2012/1xxx/CVE-2012-1304.json index ce312a85534..51f40a03cb5 100644 --- a/2012/1xxx/CVE-2012-1304.json +++ b/2012/1xxx/CVE-2012-1304.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1304", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1304", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1893.json b/2012/1xxx/CVE-2012-1893.json index bb47c098dea..af98897dc7a 100644 --- a/2012/1xxx/CVE-2012-1893.json +++ b/2012/1xxx/CVE-2012-1893.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka \"Win32k Incorrect Type Handling Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-047" - }, - { - "name" : "TA12-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15654", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka \"Win32k Incorrect Type Handling Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" + }, + { + "name": "oval:org.mitre.oval:def:15654", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15654" + }, + { + "name": "MS12-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-047" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1991.json b/2012/1xxx/CVE-2012-1991.json index 37d11e74ef9..4d3adba792e 100644 --- a/2012/1xxx/CVE-2012-1991.json +++ b/2012/1xxx/CVE-2012-1991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5121.json b/2012/5xxx/CVE-2012-5121.json index a6256dbab01..0f274ddb9c7 100644 --- a/2012/5xxx/CVE-2012-5121.json +++ b/2012/5xxx/CVE-2012-5121.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=154055", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=154055" - }, - { - "name" : "56413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56413" - }, - { - "name" : "87073", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87073" - }, - { - "name" : "oval:org.mitre.oval:def:15957", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15957" - }, - { - "name" : "chrome-cve20125121-code-exec(79868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56413" + }, + { + "name": "oval:org.mitre.oval:def:15957", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15957" + }, + { + "name": "chrome-cve20125121-code-exec(79868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79868" + }, + { + "name": "87073", + "refsource": "OSVDB", + "url": "http://osvdb.org/87073" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=154055", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=154055" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5143.json b/2012/5xxx/CVE-2012-5143.json index 6f2ddfbfabc..f6f6c30f559 100644 --- a/2012/5xxx/CVE-2012-5143.json +++ b/2012/5xxx/CVE-2012-5143.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=160926", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=160926" - }, - { - "name" : "openSUSE-SU-2012:1682", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html" - }, - { - "name" : "oval:org.mitre.oval:def:16187", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=160926", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=160926" + }, + { + "name": "oval:org.mitre.oval:def:16187", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16187" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html" + }, + { + "name": "openSUSE-SU-2012:1682", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5278.json b/2012/5xxx/CVE-2012-5278.json index 7f057772ada..59f8f23460d 100644 --- a/2012/5xxx/CVE-2012-5278.json +++ b/2012/5xxx/CVE-2012-5278.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-24.html" - }, - { - "name" : "RHSA-2012:1431", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1431.html" - }, - { - "name" : "SUSE-SU-2012:1485", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html" - }, - { - "name" : "openSUSE-SU-2012:1480", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0134", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html" - }, - { - "name" : "openSUSE-SU-2013:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html" - }, - { - "name" : "1027730", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027730" - }, - { - "name" : "51245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51245" - }, - { - "name" : "51186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51186" - }, - { - "name" : "51207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51207" - }, - { - "name" : "51213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51213" - }, - { - "name" : "adobe-cve20125278-code-exec(79851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0134", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html" + }, + { + "name": "RHSA-2012:1431", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1431.html" + }, + { + "name": "51245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51245" + }, + { + "name": "1027730", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027730" + }, + { + "name": "openSUSE-SU-2013:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html" + }, + { + "name": "51186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51186" + }, + { + "name": "openSUSE-SU-2012:1480", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html" + }, + { + "name": "adobe-cve20125278-code-exec(79851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79851" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-24.html" + }, + { + "name": "SUSE-SU-2012:1485", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html" + }, + { + "name": "51213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51213" + }, + { + "name": "51207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51207" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5428.json b/2012/5xxx/CVE-2012-5428.json index 0b14eaef6e2..f3b4e1ca6a8 100644 --- a/2012/5xxx/CVE-2012-5428.json +++ b/2012/5xxx/CVE-2012-5428.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5428", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5428", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5485.json b/2012/5xxx/CVE-2012-5485.json index 650291858ce..58671b883f0 100644 --- a/2012/5xxx/CVE-2012-5485.json +++ b/2012/5xxx/CVE-2012-5485.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/01", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/01" - }, - { - "name" : "RHSA-2014:1194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1194.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + }, + { + "name": "RHSA-2014:1194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/01", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/01" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5922.json b/2012/5xxx/CVE-2012-5922.json index 2ad93b77d31..dbfea216b4d 100644 --- a/2012/5xxx/CVE-2012-5922.json +++ b/2012/5xxx/CVE-2012-5922.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11037.json b/2017/11xxx/CVE-2017-11037.json index 206aa7d06e9..ee663f0e766 100644 --- a/2017/11xxx/CVE-2017-11037.json +++ b/2017/11xxx/CVE-2017-11037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11145.json b/2017/11xxx/CVE-2017-11145.json index 7701b926f4e..8e3e86ac95b 100644 --- a/2017/11xxx/CVE-2017-11145.json +++ b/2017/11xxx/CVE-2017-11145.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75", - "refsource" : "MISC", - "url" : "https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=e8b7698f5ee757ce2c8bd10a192a491a498f891c", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=e8b7698f5ee757ce2c8bd10a192a491a498f891c" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/07/10/6", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/07/10/6" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=74819", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=74819" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-12", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-12" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180112-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180112-0001/" - }, - { - "name" : "DSA-4080", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4080" - }, - { - "name" : "DSA-4081", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4081" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "99550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/07/10/6", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/07/10/6" + }, + { + "name": "https://bugs.php.net/bug.php?id=74819", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=74819" + }, + { + "name": "https://www.tenable.com/security/tns-2017-12", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-12" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=e8b7698f5ee757ce2c8bd10a192a491a498f891c", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=e8b7698f5ee757ce2c8bd10a192a491a498f891c" + }, + { + "name": "99550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99550" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180112-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180112-0001/" + }, + { + "name": "DSA-4081", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4081" + }, + { + "name": "DSA-4080", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4080" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75", + "refsource": "MISC", + "url": "https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11643.json b/2017/11xxx/CVE-2017-11643.json index 30eca4b1343..236707731c5 100644 --- a/2017/11xxx/CVE-2017-11643.json +++ b/2017/11xxx/CVE-2017-11643.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "100357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "100357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100357" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11956.json b/2017/11xxx/CVE-2017-11956.json index 84d2562e912..70af626999b 100644 --- a/2017/11xxx/CVE-2017-11956.json +++ b/2017/11xxx/CVE-2017-11956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15242.json b/2017/15xxx/CVE-2017-15242.json index 8379b5395b3..00502c7fd43 100644 --- a/2017/15xxx/CVE-2017-15242.json +++ b/2017/15xxx/CVE-2017-15242.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15242", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15242", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15242" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15330.json b/2017/15xxx/CVE-2017-15330.json index 599657f68ed..b3429e6504a 100644 --- a/2017/15xxx/CVE-2017-15330.json +++ b/2017/15xxx/CVE-2017-15330.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Vicky-AL00A", - "version" : { - "version_data" : [ - { - "version_value" : "Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Vicky-AL00A", + "version": { + "version_data": [ + { + "version_value": "Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15984.json b/2017/15xxx/CVE-2017-15984.json index 3c88436b3be..6f023c57a60 100644 --- a/2017/15xxx/CVE-2017-15984.json +++ b/2017/15xxx/CVE-2017-15984.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43075", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43075/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43075", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43075/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3356.json b/2017/3xxx/CVE-2017-3356.json index 2410bab6cc0..84a7eb3331f 100644 --- a/2017/3xxx/CVE-2017-3356.json +++ b/2017/3xxx/CVE-2017-3356.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "98058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98058" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8288.json b/2017/8xxx/CVE-2017-8288.json index 2110a260e74..00f2050f8cb 100644 --- a/2017/8xxx/CVE-2017-8288.json +++ b/2017/8xxx/CVE-2017-8288.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.kali.org/view.php?id=2513", - "refsource" : "CONFIRM", - "url" : "https://bugs.kali.org/view.php?id=2513" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=781728", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=781728" - }, - { - "name" : "https://github.com/EasyScreenCast/EasyScreenCast/issues/46", - "refsource" : "CONFIRM", - "url" : "https://github.com/EasyScreenCast/EasyScreenCast/issues/46" - }, - { - "name" : "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1", - "refsource" : "CONFIRM", - "url" : "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1" - }, - { - "name" : "98070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46", + "refsource": "CONFIRM", + "url": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=781728", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=781728" + }, + { + "name": "98070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98070" + }, + { + "name": "https://bugs.kali.org/view.php?id=2513", + "refsource": "CONFIRM", + "url": "https://bugs.kali.org/view.php?id=2513" + }, + { + "name": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1", + "refsource": "CONFIRM", + "url": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8542.json b/2017/8xxx/CVE-2017-8542.json index 0c2b1342e5a..22b2898fbfb 100644 --- a/2017/8xxx/CVE-2017-8542.json +++ b/2017/8xxx/CVE-2017-8542.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Malware Protection", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Server" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Malware Protection", + "version": { + "version_data": [ + { + "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542" - }, - { - "name" : "98707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98707" - }, - { - "name" : "1038571", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Server" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542" + }, + { + "name": "98707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98707" + }, + { + "name": "1038571", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038571" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10008.json b/2018/10xxx/CVE-2018-10008.json index e056502c6ea..b721cb57b51 100644 --- a/2018/10xxx/CVE-2018-10008.json +++ b/2018/10xxx/CVE-2018-10008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10275.json b/2018/10xxx/CVE-2018-10275.json index e7c6e7b0070..ff3e1e9a850 100644 --- a/2018/10xxx/CVE-2018-10275.json +++ b/2018/10xxx/CVE-2018-10275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12005.json b/2018/12xxx/CVE-2018-12005.json index f871d03bb0a..66430b0fb9f 100644 --- a/2018/12xxx/CVE-2018-12005.json +++ b/2018/12xxx/CVE-2018-12005.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12005", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12005", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12102.json b/2018/12xxx/CVE-2018-12102.json index cd53e21a92a..9d77aa1a30a 100644 --- a/2018/12xxx/CVE-2018-12102.json +++ b/2018/12xxx/CVE-2018-12102.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/md4c", - "refsource" : "MISC", - "url" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/md4c" - }, - { - "name" : "https://github.com/mity/md4c/issues/41", - "refsource" : "MISC", - "url" : "https://github.com/mity/md4c/issues/41" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Edward-L/fuzzing-pocs/tree/master/md4c", + "refsource": "MISC", + "url": "https://github.com/Edward-L/fuzzing-pocs/tree/master/md4c" + }, + { + "name": "https://github.com/mity/md4c/issues/41", + "refsource": "MISC", + "url": "https://github.com/mity/md4c/issues/41" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12411.json b/2018/12xxx/CVE-2018-12411.json index 2c7c9fb64a5..b5ff390369c 100644 --- a/2018/12xxx/CVE-2018-12411.json +++ b/2018/12xxx/CVE-2018-12411.json @@ -1,166 +1,166 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2018-11-06T17:00:00.000Z", - "ID" : "CVE-2018-12411", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO ActiveSpaces - Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "3.3.0" - }, - { - "affected" : "=", - "version_value" : "3.4.0" - }, - { - "affected" : "=", - "version_value" : "3.5.0" - } - ] - } - }, - { - "product_name" : "TIBCO ActiveSpaces - Developer Edition", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "3.0.0" - }, - { - "affected" : "=", - "version_value" : "3.1.0" - }, - { - "affected" : "=", - "version_value" : "3.3.0" - }, - { - "affected" : "=", - "version_value" : "3.4.0" - }, - { - "affected" : "=", - "version_value" : "3.5.0" - } - ] - } - }, - { - "product_name" : "TIBCO ActiveSpaces - Enterprise Edition", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "3.0.0" - }, - { - "affected" : "=", - "version_value" : "3.1.0" - }, - { - "affected" : "=", - "version_value" : "3.2.0" - }, - { - "affected" : "=", - "version_value" : "3.3.0" - }, - { - "affected" : "=", - "version_value" : "3.4.0" - }, - { - "affected" : "=", - "version_value" : "3.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2018-11-06T17:00:00.000Z", + "ID": "CVE-2018-12411", + "STATE": "PUBLIC", + "TITLE": "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO ActiveSpaces - Community Edition", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "3.3.0" + }, + { + "affected": "=", + "version_value": "3.4.0" + }, + { + "affected": "=", + "version_value": "3.5.0" + } + ] + } + }, + { + "product_name": "TIBCO ActiveSpaces - Developer Edition", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "3.0.0" + }, + { + "affected": "=", + "version_value": "3.1.0" + }, + { + "affected": "=", + "version_value": "3.3.0" + }, + { + "affected": "=", + "version_value": "3.4.0" + }, + { + "affected": "=", + "version_value": "3.5.0" + } + ] + } + }, + { + "product_name": "TIBCO ActiveSpaces - Enterprise Edition", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "3.0.0" + }, + { + "affected": "=", + "version_value": "3.1.0" + }, + { + "affected": "=", + "version_value": "3.2.0" + }, + { + "affected": "=", + "version_value": "3.3.0" + }, + { + "affected": "=", + "version_value": "3.4.0" + }, + { + "affected": "=", + "version_value": "3.5.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces" - }, - { - "name" : "105869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105869" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveSpaces - Community Edition versions 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher.\n" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces" + }, + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "105869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105869" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveSpaces - Community Edition versions 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher.\n" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12516.json b/2018/12xxx/CVE-2018-12516.json index b9f9cb01b4c..1a0035876b6 100644 --- a/2018/12xxx/CVE-2018-12516.json +++ b/2018/12xxx/CVE-2018-12516.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12593.json b/2018/12xxx/CVE-2018-12593.json index ff72a70a846..dfce6acbdd9 100644 --- a/2018/12xxx/CVE-2018-12593.json +++ b/2018/12xxx/CVE-2018-12593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12593", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12593", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13474.json b/2018/13xxx/CVE-2018-13474.json index 1a4de4a310d..675ef18c2a5 100644 --- a/2018/13xxx/CVE-2018-13474.json +++ b/2018/13xxx/CVE-2018-13474.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FansChainToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FansChainToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FansChainToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FansChainToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13480.json b/2018/13xxx/CVE-2018-13480.json index b1676d22bc4..5301c37cd00 100644 --- a/2018/13xxx/CVE-2018-13480.json +++ b/2018/13xxx/CVE-2018-13480.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/QRG", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/QRG" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/QRG", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/QRG" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13553.json b/2018/13xxx/CVE-2018-13553.json index 512cc0a1b7f..c03286c8401 100644 --- a/2018/13xxx/CVE-2018-13553.json +++ b/2018/13xxx/CVE-2018-13553.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BTC", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BTC" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BTC", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BTC" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13718.json b/2018/13xxx/CVE-2018-13718.json index 858f04b6c2d..def1c599852 100644 --- a/2018/13xxx/CVE-2018-13718.json +++ b/2018/13xxx/CVE-2018-13718.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FuturXe", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FuturXe" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FuturXe", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FuturXe" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13739.json b/2018/13xxx/CVE-2018-13739.json index 8d3341a503c..182e5125d54 100644 --- a/2018/13xxx/CVE-2018-13739.json +++ b/2018/13xxx/CVE-2018-13739.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/dopnetwork", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/dopnetwork" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/dopnetwork", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/dopnetwork" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13900.json b/2018/13xxx/CVE-2018-13900.json index a100ae56a05..58d5ab82da0 100644 --- a/2018/13xxx/CVE-2018-13900.json +++ b/2018/13xxx/CVE-2018-13900.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-13900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free issue in HLOS Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-13900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin" - }, - { - "name" : "106949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free issue in HLOS Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106949" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16262.json b/2018/16xxx/CVE-2018-16262.json index 027a54ca387..becac13452e 100644 --- a/2018/16xxx/CVE-2018-16262.json +++ b/2018/16xxx/CVE-2018-16262.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16262", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16262", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16326.json b/2018/16xxx/CVE-2018-16326.json index ec68896b737..4d7dcfef3e7 100644 --- a/2018/16xxx/CVE-2018-16326.json +++ b/2018/16xxx/CVE-2018-16326.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Olx Clone 3.4.2 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://googlequeens.com/2018/09/02/cve-2018-16326-olx_clone-3-4-2-stored-xss-via-search-by-keyword/", - "refsource" : "MISC", - "url" : "https://googlequeens.com/2018/09/02/cve-2018-16326-olx_clone-3-4-2-stored-xss-via-search-by-keyword/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Olx Clone 3.4.2 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://googlequeens.com/2018/09/02/cve-2018-16326-olx_clone-3-4-2-stored-xss-via-search-by-keyword/", + "refsource": "MISC", + "url": "https://googlequeens.com/2018/09/02/cve-2018-16326-olx_clone-3-4-2-stored-xss-via-search-by-keyword/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17939.json b/2018/17xxx/CVE-2018-17939.json index d0af2a69a3b..4139b3a8b00 100644 --- a/2018/17xxx/CVE-2018-17939.json +++ b/2018/17xxx/CVE-2018-17939.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51956", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51956", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51956" + }, + { + "name": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17982.json b/2018/17xxx/CVE-2018-17982.json index 650d308e274..ebd1cd6a89c 100644 --- a/2018/17xxx/CVE-2018-17982.json +++ b/2018/17xxx/CVE-2018-17982.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17982", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17982", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file