diff --git a/2003/0xxx/CVE-2003-0751.json b/2003/0xxx/CVE-2003-0751.json index e46cdeb5f48..1bb533b6f24 100644 --- a/2003/0xxx/CVE-2003-0751.json +++ b/2003/0xxx/CVE-2003-0751.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1064.json b/2003/1xxx/CVE-2003-1064.json index 6f61cc36f65..1428e68b20e 100644 --- a/2003/1xxx/CVE-2003-1064.json +++ b/2003/1xxx/CVE-2003-1064.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "55301", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55301-1" - }, - { - "name" : "VU#370060", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/370060" - }, - { - "name" : "8250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8250" - }, - { - "name" : "solaris-ipv6-packet-dos(12680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8250" + }, + { + "name": "solaris-ipv6-packet-dos(12680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12680" + }, + { + "name": "55301", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55301-1" + }, + { + "name": "VU#370060", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/370060" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1096.json b/2003/1xxx/CVE-2003-1096.json index 73b82879dc8..577ac9cc428 100644 --- a/2003/1xxx/CVE-2003-1096.json +++ b/2003/1xxx/CVE-2003-1096.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030803 Dictionary Attack on Cisco LEAP Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml" - }, - { - "name" : "20031006 Weaknesses in LEAP Challenge/Response", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/340365" - }, - { - "name" : "20031003 Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/340119" - }, - { - "name" : "20040407 Release of Cisco Attack tool Asleap", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108135227731965&w=2" - }, - { - "name" : "VU#473108", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/473108" - }, - { - "name" : "8755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8755" - }, - { - "name" : "15209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15209" - }, - { - "name" : "cisco-leap-dictionary(12804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031003 Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/340119" + }, + { + "name": "20031006 Weaknesses in LEAP Challenge/Response", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/340365" + }, + { + "name": "15209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15209" + }, + { + "name": "20040407 Release of Cisco Attack tool Asleap", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108135227731965&w=2" + }, + { + "name": "8755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8755" + }, + { + "name": "20030803 Dictionary Attack on Cisco LEAP Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml" + }, + { + "name": "VU#473108", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/473108" + }, + { + "name": "cisco-leap-dictionary(12804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12804" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1174.json b/2003/1xxx/CVE-2003-1174.json index 9d970781820..0583286d5e6 100644 --- a/2003/1xxx/CVE-2003-1174.json +++ b/2003/1xxx/CVE-2003-1174.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031102 ShoutCast server 1.9.2/win32", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343177" - }, - { - "name" : "8954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8954" - }, - { - "name" : "2776", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2776" - }, - { - "name" : "1008080", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008080" - }, - { - "name" : "10146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10146" - }, - { - "name" : "shoutcast-long-icy-dos(13586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2776", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2776" + }, + { + "name": "10146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10146" + }, + { + "name": "1008080", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008080" + }, + { + "name": "8954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8954" + }, + { + "name": "20031102 ShoutCast server 1.9.2/win32", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343177" + }, + { + "name": "shoutcast-long-icy-dos(13586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13586" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0071.json b/2004/0xxx/CVE-2004-0071.json index e21168830f5..17a039a48ab 100644 --- a/2004/0xxx/CVE-2004-0071.json +++ b/2004/0xxx/CVE-2004-0071.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040110 PHP Manpage lookup directory transversal / file disclosing", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107392764118403&w=2" - }, - { - "name" : "9395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9395" - }, - { - "name" : "1008689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008689" - }, - { - "name" : "manpagelookup-directory-traversal(14203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008689" + }, + { + "name": "20040110 PHP Manpage lookup directory transversal / file disclosing", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107392764118403&w=2" + }, + { + "name": "manpagelookup-directory-traversal(14203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14203" + }, + { + "name": "9395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9395" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0151.json b/2004/0xxx/CVE-2004-0151.json index 426969d5c14..2570c180688 100644 --- a/2004/0xxx/CVE-2004-0151.json +++ b/2004/0xxx/CVE-2004-0151.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-462", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-462" - }, - { - "name" : "http://shellcode.org/Advisories/XITALK.txt", - "refsource" : "MISC", - "url" : "http://shellcode.org/Advisories/XITALK.txt" - }, - { - "name" : "11114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11114/" - }, - { - "name" : "9851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9851" - }, - { - "name" : "xitalk-gain-privileges(15456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11114/" + }, + { + "name": "xitalk-gain-privileges(15456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15456" + }, + { + "name": "9851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9851" + }, + { + "name": "http://shellcode.org/Advisories/XITALK.txt", + "refsource": "MISC", + "url": "http://shellcode.org/Advisories/XITALK.txt" + }, + { + "name": "DSA-462", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-462" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0200.json b/2004/0xxx/CVE-2004-0200.json index e764dedacf8..603c46a21d5 100644 --- a/2004/0xxx/CVE-2004-0200.json +++ b/2004/0xxx/CVE-2004-0200.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109524346729948&w=2" - }, - { - "name" : "MS04-028", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028" - }, - { - "name" : "TA04-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-260A.html" - }, - { - "name" : "VU#297462", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/297462" - }, - { - "name" : "oval:org.mitre.oval:def:1105", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105" - }, - { - "name" : "oval:org.mitre.oval:def:1721", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721" - }, - { - "name" : "oval:org.mitre.oval:def:2706", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706" - }, - { - "name" : "oval:org.mitre.oval:def:3038", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038" - }, - { - "name" : "oval:org.mitre.oval:def:3082", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082" - }, - { - "name" : "oval:org.mitre.oval:def:3320", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320" - }, - { - "name" : "oval:org.mitre.oval:def:3810", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810" - }, - { - "name" : "oval:org.mitre.oval:def:3881", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881" - }, - { - "name" : "oval:org.mitre.oval:def:4003", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003" - }, - { - "name" : "oval:org.mitre.oval:def:4216", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216" - }, - { - "name" : "oval:org.mitre.oval:def:4307", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307" - }, - { - "name" : "win-jpeg-bo(16304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:3038", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038" + }, + { + "name": "oval:org.mitre.oval:def:1105", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105" + }, + { + "name": "VU#297462", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/297462" + }, + { + "name": "TA04-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-260A.html" + }, + { + "name": "oval:org.mitre.oval:def:3320", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320" + }, + { + "name": "oval:org.mitre.oval:def:2706", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706" + }, + { + "name": "20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109524346729948&w=2" + }, + { + "name": "oval:org.mitre.oval:def:1721", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721" + }, + { + "name": "oval:org.mitre.oval:def:3082", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082" + }, + { + "name": "MS04-028", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028" + }, + { + "name": "oval:org.mitre.oval:def:4003", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003" + }, + { + "name": "oval:org.mitre.oval:def:3810", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810" + }, + { + "name": "oval:org.mitre.oval:def:4216", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216" + }, + { + "name": "oval:org.mitre.oval:def:4307", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307" + }, + { + "name": "oval:org.mitre.oval:def:3881", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881" + }, + { + "name": "win-jpeg-bo(16304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16304" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0240.json b/2004/0xxx/CVE-2004-0240.json index 98e638b5298..a701931dc8c 100644 --- a/2004/0xxx/CVE-2004-0240.json +++ b/2004/0xxx/CVE-2004-0240.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040203 X-Cart vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107582648326448&w=2" - }, - { - "name" : "xcart-dotdot-directory-traversal(15033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xcart-dotdot-directory-traversal(15033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15033" + }, + { + "name": "20040203 X-Cart vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107582648326448&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0812.json b/2004/0xxx/CVE-2004-0812.json index 55883a5e035..becbb409189 100644 --- a/2004/0xxx/CVE-2004-0812.json +++ b/2004/0xxx/CVE-2004-0812.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with \"setting up TSS limits,\" allows local users to cause a denial of service (crash) and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2004:549", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-549.html" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ" - }, - { - "name" : "P-047", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-047.shtml" - }, - { - "name" : "11794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11794" - }, - { - "name" : "oval:org.mitre.oval:def:11375", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11375" - }, - { - "name" : "13359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13359" - }, - { - "name" : "linux-tss-gain-privilege(18346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with \"setting up TSS limits,\" allows local users to cause a denial of service (crash) and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13359" + }, + { + "name": "linux-tss-gain-privilege(18346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18346" + }, + { + "name": "oval:org.mitre.oval:def:11375", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11375" + }, + { + "name": "RHSA-2004:549", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-549.html" + }, + { + "name": "P-047", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-047.shtml" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ" + }, + { + "name": "11794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11794" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0841.json b/2004/0xxx/CVE-2004-0841.json index c5d3c7236e6..7514500f0c9 100644 --- a/2004/0xxx/CVE-2004-0841.json +++ b/2004/0xxx/CVE-2004-0841.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040711 HijackClick 3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/368652" - }, - { - "name" : "20040712 Re: HijackClick 3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/368666" - }, - { - "name" : "20040712 Brand New Hole: Internet Explorer: HijackClick 3", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" - }, - { - "name" : "MS04-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" - }, - { - "name" : "TA04-293A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" - }, - { - "name" : "VU#413886", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/413886" - }, - { - "name" : "10690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10690" - }, - { - "name" : "7774", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7774" - }, - { - "name" : "oval:org.mitre.oval:def:2611", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" - }, - { - "name" : "oval:org.mitre.oval:def:4363", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" - }, - { - "name" : "oval:org.mitre.oval:def:5620", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" - }, - { - "name" : "oval:org.mitre.oval:def:6031", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" - }, - { - "name" : "oval:org.mitre.oval:def:6048", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" - }, - { - "name" : "oval:org.mitre.oval:def:8077", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" - }, - { - "name" : "1010679", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010679" - }, - { - "name" : "12048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12048" - }, - { - "name" : "ie-popupshow-perform-actions(16675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#413886", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/413886" + }, + { + "name": "1010679", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010679" + }, + { + "name": "oval:org.mitre.oval:def:2611", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" + }, + { + "name": "MS04-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" + }, + { + "name": "oval:org.mitre.oval:def:8077", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" + }, + { + "name": "12048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12048" + }, + { + "name": "ie-popupshow-perform-actions(16675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" + }, + { + "name": "TA04-293A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" + }, + { + "name": "oval:org.mitre.oval:def:4363", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" + }, + { + "name": "10690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10690" + }, + { + "name": "7774", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7774" + }, + { + "name": "oval:org.mitre.oval:def:5620", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" + }, + { + "name": "oval:org.mitre.oval:def:6031", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" + }, + { + "name": "20040711 HijackClick 3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/368652" + }, + { + "name": "oval:org.mitre.oval:def:6048", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" + }, + { + "name": "20040712 Re: HijackClick 3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/368666" + }, + { + "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0971.json b/2004/0xxx/CVE-2004-0971.json index ef8a9391428..1652c84e27d 100644 --- a/2004/0xxx/CVE-2004-0971.json +++ b/2004/0xxx/CVE-2004-0971.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200410-24", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml" - }, - { - "name" : "RHSA-2005:012", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-012.html" - }, - { - "name" : "2004-0050", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0050" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304" - }, - { - "name" : "11289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11289" - }, - { - "name" : "oval:org.mitre.oval:def:10497", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497" - }, - { - "name" : "script-temporary-file-overwrite(17583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "script-temporary-file-overwrite(17583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" + }, + { + "name": "2004-0050", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0050" + }, + { + "name": "11289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11289" + }, + { + "name": "GLSA-200410-24", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304" + }, + { + "name": "RHSA-2005:012", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-012.html" + }, + { + "name": "oval:org.mitre.oval:def:10497", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1841.json b/2004/1xxx/CVE-2004-1841.json index 7e3bc5e88bb..3cb5ba43744 100644 --- a/2004/1xxx/CVE-2004-1841.json +++ b/2004/1xxx/CVE-2004-1841.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040322 [waraxe-2004-SA#011 Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108006319730976&w=2" - }, - { - "name" : "9948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9948" - }, - { - "name" : "msanalysis-referer-sql-injection(15576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9948" + }, + { + "name": "msanalysis-referer-sql-injection(15576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15576" + }, + { + "name": "20040322 [waraxe-2004-SA#011 Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108006319730976&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2276.json b/2004/2xxx/CVE-2004-2276.json index 5ff1eb11ccf..d07f512f622 100644 --- a/2004/2xxx/CVE-2004-2276.json +++ b/2004/2xxx/CVE-2004-2276.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml", - "refsource" : "CONFIRM", - "url" : "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml" - }, - { - "name" : "http://support.f-secure.de/ger/home/downloads/hotfixes/av5-hotfixes.shtml", - "refsource" : "CONFIRM", - "url" : "http://support.f-secure.de/ger/home/downloads/hotfixes/av5-hotfixes.shtml" - }, - { - "name" : "6409", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6409" - }, - { - "name" : "11699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11699" - }, - { - "name" : "fsecure-sober-detection-bypass(16243)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11699" + }, + { + "name": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml", + "refsource": "CONFIRM", + "url": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml" + }, + { + "name": "http://support.f-secure.de/ger/home/downloads/hotfixes/av5-hotfixes.shtml", + "refsource": "CONFIRM", + "url": "http://support.f-secure.de/ger/home/downloads/hotfixes/av5-hotfixes.shtml" + }, + { + "name": "fsecure-sober-detection-bypass(16243)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16243" + }, + { + "name": "6409", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6409" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2655.json b/2004/2xxx/CVE-2004-2655.json index ed5d199cefc..82d2c70fa79 100644 --- a/2004/2xxx/CVE-2004-2655.json +++ b/2004/2xxx/CVE-2004-2655.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2004-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html", - "refsource" : "MISC", - "url" : "http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html" - }, - { - "name" : "http://www.jwz.org/xscreensaver/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://www.jwz.org/xscreensaver/changelog.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm" - }, - { - "name" : "MDKSA-2006:071", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:071" - }, - { - "name" : "RHSA-2006:0498", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0498.html" - }, - { - "name" : "20060602-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" - }, - { - "name" : "SUSE-SR:2006:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html" - }, - { - "name" : "USN-269-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/269-1/" - }, - { - "name" : "17471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17471" - }, - { - "name" : "oval:org.mitre.oval:def:10096", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096" - }, - { - "name" : "1016150", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016150" - }, - { - "name" : "1016151", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016151" - }, - { - "name" : "20226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20226" - }, - { - "name" : "20456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20456" - }, - { - "name" : "20782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20782" - }, - { - "name" : "22080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jwz.org/xscreensaver/changelog.html", + "refsource": "CONFIRM", + "url": "http://www.jwz.org/xscreensaver/changelog.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm" + }, + { + "name": "http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html", + "refsource": "MISC", + "url": "http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html" + }, + { + "name": "SUSE-SR:2006:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" + }, + { + "name": "MDKSA-2006:071", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:071" + }, + { + "name": "20782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20782" + }, + { + "name": "RHSA-2006:0498", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0498.html" + }, + { + "name": "oval:org.mitre.oval:def:10096", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149" + }, + { + "name": "20060602-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" + }, + { + "name": "22080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22080" + }, + { + "name": "20456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20456" + }, + { + "name": "1016151", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016151" + }, + { + "name": "17471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17471" + }, + { + "name": "USN-269-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/269-1/" + }, + { + "name": "1016150", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016150" + }, + { + "name": "20226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20226" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2581.json b/2008/2xxx/CVE-2008-2581.json index 73bf6d657d6..0323920adb9 100644 --- a/2008/2xxx/CVE-2008-2581.json +++ b/2008/2xxx/CVE-2008-2581.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020498", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020498" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - }, - { - "name" : "oracle-weblogic-uddiexplorer-unauth-access(43824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + }, + { + "name": "1020498", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020498" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2677.json b/2008/2xxx/CVE-2008-2677.json index 32e1f524899..306d11037b1 100644 --- a/2008/2xxx/CVE-2008-2677.json +++ b/2008/2xxx/CVE-2008-2677.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5764", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5764" - }, - { - "name" : "29614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29614" - }, - { - "name" : "telephonedirectory2008-edit1-xss(42972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5764", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5764" + }, + { + "name": "29614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29614" + }, + { + "name": "telephonedirectory2008-edit1-xss(42972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42972" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2832.json b/2008/2xxx/CVE-2008-2832.json index d312eea0595..539f9d15a93 100644 --- a/2008/2xxx/CVE-2008-2832.json +++ b/2008/2xxx/CVE-2008-2832.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5850", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5850" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html" - }, - { - "name" : "29795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29795" - }, - { - "name" : "aspwebcalendar-calendaradmin-file-upload(43201)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspwebcalendar-calendaradmin-file-upload(43201)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43201" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html" + }, + { + "name": "5850", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5850" + }, + { + "name": "29795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29795" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6117.json b/2008/6xxx/CVE-2008-6117.json index 0ff4a447ad7..9291a257cf8 100644 --- a/2008/6xxx/CVE-2008-6117.json +++ b/2008/6xxx/CVE-2008-6117.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7202", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7202" - }, - { - "name" : "32434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32434" - }, - { - "name" : "32837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32837" - }, - { - "name" : "ADV-2008-3237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3237" - }, - { - "name" : "jobsitepro-homepage-sql-injection(46789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jobsitepro-homepage-sql-injection(46789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46789" + }, + { + "name": "7202", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7202" + }, + { + "name": "32837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32837" + }, + { + "name": "32434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32434" + }, + { + "name": "ADV-2008-3237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3237" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6235.json b/2008/6xxx/CVE-2008-6235.json index f5127c495ac..a062feebb6e 100644 --- a/2008/6xxx/CVE-2008-6235.json +++ b/2008/6xxx/CVE-2008-6235.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081016 CVE request - Vim netrw.plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/16/2" - }, - { - "name" : "[oss-security] 20081020 CVE request (vim)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/20/2" - }, - { - "name" : "http://www.rdancer.org/vulnerablevim-netrw.html", - "refsource" : "MISC", - "url" : "http://www.rdancer.org/vulnerablevim-netrw.html" - }, - { - "name" : "http://www.rdancer.org/vulnerablevim-netrw.v2.html", - "refsource" : "MISC", - "url" : "http://www.rdancer.org/vulnerablevim-netrw.v2.html" - }, - { - "name" : "http://www.rdancer.org/vulnerablevim-netrw.v5.html", - "refsource" : "MISC", - "url" : "http://www.rdancer.org/vulnerablevim-netrw.v5.html" - }, - { - "name" : "RHSA-2008:0580", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0580.html" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:11247", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "http://www.rdancer.org/vulnerablevim-netrw.v5.html", + "refsource": "MISC", + "url": "http://www.rdancer.org/vulnerablevim-netrw.v5.html" + }, + { + "name": "[oss-security] 20081020 CVE request (vim)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2" + }, + { + "name": "http://www.rdancer.org/vulnerablevim-netrw.html", + "refsource": "MISC", + "url": "http://www.rdancer.org/vulnerablevim-netrw.html" + }, + { + "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/16/2" + }, + { + "name": "RHSA-2008:0580", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "oval:org.mitre.oval:def:11247", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11247" + }, + { + "name": "http://www.rdancer.org/vulnerablevim-netrw.v2.html", + "refsource": "MISC", + "url": "http://www.rdancer.org/vulnerablevim-netrw.v2.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6271.json b/2008/6xxx/CVE-2008-6271.json index 2a8f51efc01..bb60278c7e1 100644 --- a/2008/6xxx/CVE-2008-6271.json +++ b/2008/6xxx/CVE-2008-6271.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6973", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6973" - }, - { - "name" : "32087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32087" - }, - { - "name" : "32462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32462" - }, - { - "name" : "tbmnetcms-index-file-include(46314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tbmnetcms-index-file-include(46314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46314" + }, + { + "name": "6973", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6973" + }, + { + "name": "32087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32087" + }, + { + "name": "32462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32462" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6562.json b/2008/6xxx/CVE-2008-6562.json index ed6fc9011d5..4e84d13587a 100644 --- a/2008/6xxx/CVE-2008-6562.json +++ b/2008/6xxx/CVE-2008-6562.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28518" - }, - { - "name" : "jax-jaxlinklists-xss(41573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28518" + }, + { + "name": "jax-jaxlinklists-xss(41573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41573" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1024.json b/2012/1xxx/CVE-2012-1024.json index 62108f714d9..7b37a9309d4 100644 --- a/2012/1xxx/CVE-2012-1024.json +++ b/2012/1xxx/CVE-2012-1024.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18343", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18343" - }, - { - "name" : "enigma2-webinterface-directory-traversal(73109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18343", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18343" + }, + { + "name": "enigma2-webinterface-directory-traversal(73109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73109" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5028.json b/2012/5xxx/CVE-2012-5028.json index 44be042e77c..a26d208539b 100644 --- a/2012/5xxx/CVE-2012-5028.json +++ b/2012/5xxx/CVE-2012-5028.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5150.json b/2012/5xxx/CVE-2012-5150.json index 543c731c2d0..1d84d771402 100644 --- a/2012/5xxx/CVE-2012-5150.json +++ b/2012/5xxx/CVE-2012-5150.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=165601", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=165601" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:16440", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=165601", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=165601" + }, + { + "name": "oval:org.mitre.oval:def:16440", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16440" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5407.json b/2012/5xxx/CVE-2012-5407.json index 013fb70c7ba..c1f3d18b3e7 100644 --- a/2012/5xxx/CVE-2012-5407.json +++ b/2012/5xxx/CVE-2012-5407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5407", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5407", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5441.json b/2012/5xxx/CVE-2012-5441.json index a4bc5100c4d..13da5ced722 100644 --- a/2012/5xxx/CVE-2012-5441.json +++ b/2012/5xxx/CVE-2012-5441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5441", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5441", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11406.json b/2017/11xxx/CVE-2017-11406.json index b8b3b614591..cf2ea893805 100644 --- a/2017/11xxx/CVE-2017-11406.json +++ b/2017/11xxx/CVE-2017-11406.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-36.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-36.html" - }, - { - "name" : "99903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99903" - }, - { - "name" : "1038966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c" + }, + { + "name": "99903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99903" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-36.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-36.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797" + }, + { + "name": "1038966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038966" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11419.json b/2017/11xxx/CVE-2017-11419.json index 8d3d87960fe..8b4453d1ad3 100644 --- a/2017/11xxx/CVE-2017-11419.json +++ b/2017/11xxx/CVE-2017-11419.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FiyoCMS/FiyoCMS/issues/5", - "refsource" : "MISC", - "url" : "https://github.com/FiyoCMS/FiyoCMS/issues/5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FiyoCMS/FiyoCMS/issues/5", + "refsource": "MISC", + "url": "https://github.com/FiyoCMS/FiyoCMS/issues/5" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11532.json b/2017/11xxx/CVE-2017-11532.json index 8c46fd72c90..fff2ce81579 100644 --- a/2017/11xxx/CVE-2017-11532.json +++ b/2017/11xxx/CVE-2017-11532.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/563", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/563", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/563" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11604.json b/2017/11xxx/CVE-2017-11604.json index ed88e2128a3..75de70afb81 100644 --- a/2017/11xxx/CVE-2017-11604.json +++ b/2017/11xxx/CVE-2017-11604.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11604", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11604", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11961.json b/2017/11xxx/CVE-2017-11961.json index 1e315cd610e..b1a40a573f0 100644 --- a/2017/11xxx/CVE-2017-11961.json +++ b/2017/11xxx/CVE-2017-11961.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11961", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11961", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15926.json b/2017/15xxx/CVE-2017-15926.json index a6728d63d11..a009ffda379 100644 --- a/2017/15xxx/CVE-2017-15926.json +++ b/2017/15xxx/CVE-2017-15926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3006.json b/2017/3xxx/CVE-2017-3006.json index 8479cf43f7c..3a419ab0c33 100644 --- a/2017/3xxx/CVE-2017-3006.json +++ b/2017/3xxx/CVE-2017-3006.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Thor 3.9.5.353 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Thor 3.9.5.353 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Default Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Thor 3.9.5.353 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Thor 3.9.5.353 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41878", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41878/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt" - }, - { - "name" : "https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html" - }, - { - "name" : "97555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41878", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41878/" + }, + { + "name": "97555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97555" + }, + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3254.json b/2017/3xxx/CVE-2017-3254.json index 84ba21d2fc0..1abd82bc6a7 100644 --- a/2017/3xxx/CVE-2017-3254.json +++ b/2017/3xxx/CVE-2017-3254.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Retail Invoice Matching", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0" - }, - { - "version_affected" : "=", - "version_value" : "13.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 12.0 and 13.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Invoice Matching accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Invoice Matching accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Invoice Matching. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Invoice Matching accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Invoice Matching accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Invoice Matching." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Invoice Matching", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0" + }, + { + "version_affected": "=", + "version_value": "13.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 12.0 and 13.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Invoice Matching accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Invoice Matching accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Invoice Matching. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Invoice Matching accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Invoice Matching accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Invoice Matching." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97756" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3539.json b/2017/3xxx/CVE-2017-3539.json index 3de2f3ef61e..7073db5b690 100644 --- a/2017/3xxx/CVE-2017-3539.json +++ b/2017/3xxx/CVE-2017-3539.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u141" - }, - { - "version_affected" : "=", - "version_value" : "7u131" - }, - { - "version_affected" : "=", - "version_value" : "8u121; Java SE Embedded: 8u121" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u141" + }, + { + "version_affected": "=", + "version_value": "7u131" + }, + { + "version_affected": "=", + "version_value": "8u121; Java SE Embedded: 8u121" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3858" - }, - { - "name" : "GLSA-201705-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-03" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "RHSA-2017:1108", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1108" - }, - { - "name" : "RHSA-2017:1109", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1109" - }, - { - "name" : "RHSA-2017:1117", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1117" - }, - { - "name" : "RHSA-2017:1118", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1118" - }, - { - "name" : "RHSA-2017:1119", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1119" - }, - { - "name" : "RHSA-2017:1204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1204" - }, - { - "name" : "RHSA-2017:1220", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1220" - }, - { - "name" : "RHSA-2017:1221", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1221" - }, - { - "name" : "RHSA-2017:1222", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1222" - }, - { - "name" : "97752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97752" - }, - { - "name" : "1038286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1221", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1221" + }, + { + "name": "GLSA-201705-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-03" + }, + { + "name": "97752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97752" + }, + { + "name": "RHSA-2017:1220", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1220" + }, + { + "name": "RHSA-2017:1117", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1117" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2017:1109", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1109" + }, + { + "name": "1038286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038286" + }, + { + "name": "DSA-3858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3858" + }, + { + "name": "RHSA-2017:1108", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1108" + }, + { + "name": "RHSA-2017:1204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1204" + }, + { + "name": "RHSA-2017:1118", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1118" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:1222", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1222" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:1119", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1119" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3911.json b/2017/3xxx/CVE-2017-3911.json index 657193135af..da492347d4e 100644 --- a/2017/3xxx/CVE-2017-3911.json +++ b/2017/3xxx/CVE-2017-3911.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3911", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3911", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7051.json b/2017/7xxx/CVE-2017-7051.json index 0f18e89274a..6304e3c0539 100644 --- a/2017/7xxx/CVE-2017-7051.json +++ b/2017/7xxx/CVE-2017-7051.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207922", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207922" - }, - { - "name" : "99882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99882" - }, - { - "name" : "1038951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038951" + }, + { + "name": "99882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99882" + }, + { + "name": "https://support.apple.com/HT207922", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207922" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8229.json b/2017/8xxx/CVE-2017-8229.json index dcc5d196126..774866c1858 100644 --- a/2017/8xxx/CVE-2017-8229.json +++ b/2017/8xxx/CVE-2017-8229.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8755.json b/2017/8xxx/CVE-2017-8755.json index 155c88d834a..8eb74bbcd27 100644 --- a/2017/8xxx/CVE-2017-8755.json +++ b/2017/8xxx/CVE-2017-8755.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42766", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42766/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755" - }, - { - "name" : "100778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100778" - }, - { - "name" : "1039342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039342" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755" + }, + { + "name": "42766", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42766/" + }, + { + "name": "100778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100778" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8941.json b/2017/8xxx/CVE-2017-8941.json index 5cfa6fe8923..bd161391fe8 100644 --- a/2017/8xxx/CVE-2017-8941.json +++ b/2017/8xxx/CVE-2017-8941.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8975.json b/2017/8xxx/CVE-2017-8975.json index 3e4923a1bec..d8a49264fba 100644 --- a/2017/8xxx/CVE-2017-8975.json +++ b/2017/8xxx/CVE-2017-8975.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-8975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moonshot Provisioning Manager Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "v1.20" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-8975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moonshot Provisioning Manager Appliance", + "version": { + "version_data": [ + { + "version_value": "v1.20" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us" - }, - { - "name" : "102410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us" + }, + { + "name": "102410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102410" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10429.json b/2018/10xxx/CVE-2018-10429.json index d166b6c9e76..e48c2ab343e 100644 --- a/2018/10xxx/CVE-2018-10429.json +++ b/2018/10xxx/CVE-2018-10429.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/CosmoCMS/Cosmo/issues/405", - "refsource" : "MISC", - "url" : "https://github.com/CosmoCMS/Cosmo/issues/405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/CosmoCMS/Cosmo/issues/405", + "refsource": "MISC", + "url": "https://github.com/CosmoCMS/Cosmo/issues/405" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10747.json b/2018/10xxx/CVE-2018-10747.json index 04446ec0b4b..b1ab182a4e5 100644 --- a/2018/10xxx/CVE-2018-10747.json +++ b/2018/10xxx/CVE-2018-10747.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.md", - "refsource" : "MISC", - "url" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.md", + "refsource": "MISC", + "url": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12133.json b/2018/12xxx/CVE-2018-12133.json index 299861c0e59..5d7cd4dfc5e 100644 --- a/2018/12xxx/CVE-2018-12133.json +++ b/2018/12xxx/CVE-2018-12133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12315.json b/2018/12xxx/CVE-2018-12315.json index 7902ccee2fc..c269c152f8f 100644 --- a/2018/12xxx/CVE-2018-12315.json +++ b/2018/12xxx/CVE-2018-12315.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12493.json b/2018/12xxx/CVE-2018-12493.json index faf1876d203..ba0a9ed5645 100644 --- a/2018/12xxx/CVE-2018-12493.json +++ b/2018/12xxx/CVE-2018-12493.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue discovered in PublicCMS V4.0.20180210. There is a \"Directory Traversal\" and \"Arbitrary file read\" vulnerability via an admin/cmsWebFile/list.html?path=../ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sanluan/PublicCMS/issues/12", - "refsource" : "MISC", - "url" : "https://github.com/sanluan/PublicCMS/issues/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PublicCMS V4.0.20180210. There is a \"Directory Traversal\" and \"Arbitrary file read\" vulnerability via an admin/cmsWebFile/list.html?path=../ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sanluan/PublicCMS/issues/12", + "refsource": "MISC", + "url": "https://github.com/sanluan/PublicCMS/issues/12" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12524.json b/2018/12xxx/CVE-2018-12524.json index a173a9befc9..3bc4ae78f1e 100644 --- a/2018/12xxx/CVE-2018-12524.json +++ b/2018/12xxx/CVE-2018-12524.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44910", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44910/" - }, - { - "name" : "https://pastebin.com/eA5tGKf0", - "refsource" : "MISC", - "url" : "https://pastebin.com/eA5tGKf0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/eA5tGKf0", + "refsource": "MISC", + "url": "https://pastebin.com/eA5tGKf0" + }, + { + "name": "44910", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44910/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12828.json b/2018/12xxx/CVE-2018-12828.json index c1705b9af95..beaec2a20bd 100644 --- a/2018/12xxx/CVE-2018-12828.json +++ b/2018/12xxx/CVE-2018-12828.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 30.0.0.134 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 30.0.0.134 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player 30.0.0.134 and earlier have a \"use of a component with a known vulnerability\" vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use of a component with a known vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 30.0.0.134 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 30.0.0.134 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html" - }, - { - "name" : "RHSA-2018:2435", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2435" - }, - { - "name" : "105071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105071" - }, - { - "name" : "1041448", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player 30.0.0.134 and earlier have a \"use of a component with a known vulnerability\" vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use of a component with a known vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2435", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2435" + }, + { + "name": "105071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105071" + }, + { + "name": "1041448", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041448" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12907.json b/2018/12xxx/CVE-2018-12907.json index fb241b37bc9..bb4be4b526c 100644 --- a/2018/12xxx/CVE-2018-12907.json +++ b/2018/12xxx/CVE-2018-12907.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Rclone 1.42, use of \"rclone sync\" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a \"RESTLESS\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2018/06/27/3", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/06/27/3" - }, - { - "name" : "https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/", - "refsource" : "MISC", - "url" : "https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Rclone 1.42, use of \"rclone sync\" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a \"RESTLESS\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2018/06/27/3", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/06/27/3" + }, + { + "name": "https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/", + "refsource": "MISC", + "url": "https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13236.json b/2018/13xxx/CVE-2018-13236.json index 425b4ee6c73..ae047e93d1d 100644 --- a/2018/13xxx/CVE-2018-13236.json +++ b/2018/13xxx/CVE-2018-13236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13921.json b/2018/13xxx/CVE-2018-13921.json index 0c5169110fb..1f634f6df66 100644 --- a/2018/13xxx/CVE-2018-13921.json +++ b/2018/13xxx/CVE-2018-13921.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13921", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13921", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16032.json b/2018/16xxx/CVE-2018-16032.json index 98016b0e81d..0e51f7afaf9 100644 --- a/2018/16xxx/CVE-2018-16032.json +++ b/2018/16xxx/CVE-2018-16032.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16219.json b/2018/16xxx/CVE-2018-16219.json index ea734ac9574..1456e32601c 100644 --- a/2018/16xxx/CVE-2018-16219.json +++ b/2018/16xxx/CVE-2018-16219.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16219", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16219", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17126.json b/2018/17xxx/CVE-2018-17126.json index f293c303a5d..fe977b22598 100644 --- a/2018/17xxx/CVE-2018-17126.json +++ b/2018/17xxx/CVE-2018-17126.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\\plugins\\sys\\Install.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell" - }, - { - "name" : "https://www.patec.cn/newsshow.php?cid=24&id=125", - "refsource" : "MISC", - "url" : "https://www.patec.cn/newsshow.php?cid=24&id=125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\\plugins\\sys\\Install.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell" + }, + { + "name": "https://www.patec.cn/newsshow.php?cid=24&id=125", + "refsource": "MISC", + "url": "https://www.patec.cn/newsshow.php?cid=24&id=125" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17391.json b/2018/17xxx/CVE-2018-17391.json index 14e061efb3f..64e48fff99c 100644 --- a/2018/17xxx/CVE-2018-17391.json +++ b/2018/17xxx/CVE-2018-17391.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45463", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45463/" - }, - { - "name" : "http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149519/Super-Cms-Blog-Pro-1.0-SQL-Injection.html" + }, + { + "name": "45463", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45463/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17945.json b/2018/17xxx/CVE-2018-17945.json index 42acb53d065..7868f5fe739 100644 --- a/2018/17xxx/CVE-2018-17945.json +++ b/2018/17xxx/CVE-2018-17945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file