From 4784d6ba8b8e85d79d687bf262d782b2d5fa1638 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 21:54:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/1xxx/CVE-2003-1012.json | 240 ++++++++++++++++----------------- 2004/0xxx/CVE-2004-0040.json | 190 +++++++++++++------------- 2004/0xxx/CVE-2004-0570.json | 34 ++--- 2004/1xxx/CVE-2004-1027.json | 190 +++++++++++++------------- 2004/1xxx/CVE-2004-1383.json | 160 +++++++++++----------- 2004/1xxx/CVE-2004-1582.json | 160 +++++++++++----------- 2004/2xxx/CVE-2004-2006.json | 160 +++++++++++----------- 2004/2xxx/CVE-2004-2328.json | 150 ++++++++++----------- 2004/2xxx/CVE-2004-2393.json | 190 +++++++++++++------------- 2008/2xxx/CVE-2008-2075.json | 200 +++++++++++++-------------- 2008/2xxx/CVE-2008-2160.json | 170 +++++++++++------------ 2008/2xxx/CVE-2008-2505.json | 140 +++++++++---------- 2008/2xxx/CVE-2008-2722.json | 180 ++++++++++++------------- 2008/6xxx/CVE-2008-6280.json | 150 ++++++++++----------- 2008/6xxx/CVE-2008-6646.json | 140 +++++++++---------- 2012/1xxx/CVE-2012-1493.json | 150 ++++++++++----------- 2012/5xxx/CVE-2012-5127.json | 170 +++++++++++------------ 2012/5xxx/CVE-2012-5135.json | 190 +++++++++++++------------- 2012/5xxx/CVE-2012-5844.json | 34 ++--- 2017/11xxx/CVE-2017-11153.json | 132 +++++++++--------- 2017/11xxx/CVE-2017-11600.json | 180 ++++++++++++------------- 2017/11xxx/CVE-2017-11723.json | 120 ++++++++--------- 2017/11xxx/CVE-2017-11812.json | 142 +++++++++---------- 2017/11xxx/CVE-2017-11985.json | 34 ++--- 2017/15xxx/CVE-2017-15481.json | 34 ++--- 2017/15xxx/CVE-2017-15562.json | 34 ++--- 2017/3xxx/CVE-2017-3194.json | 150 ++++++++++----------- 2017/3xxx/CVE-2017-3818.json | 140 +++++++++---------- 2017/8xxx/CVE-2017-8043.json | 34 ++--- 2017/8xxx/CVE-2017-8378.json | 120 ++++++++--------- 2018/12xxx/CVE-2018-12156.json | 34 ++--- 2018/12xxx/CVE-2018-12472.json | 182 ++++++++++++------------- 2018/12xxx/CVE-2018-12739.json | 130 +++++++++--------- 2018/12xxx/CVE-2018-12835.json | 140 +++++++++---------- 
2018/13xxx/CVE-2018-13029.json | 34 ++--- 2018/13xxx/CVE-2018-13179.json | 130 +++++++++--------- 2018/13xxx/CVE-2018-13688.json | 130 +++++++++--------- 2018/13xxx/CVE-2018-13805.json | 162 +++++++++++----------- 2018/16xxx/CVE-2018-16062.json | 140 +++++++++---------- 2018/16xxx/CVE-2018-16080.json | 162 +++++++++++----------- 2018/16xxx/CVE-2018-16121.json | 34 ++--- 2018/16xxx/CVE-2018-16207.json | 34 ++--- 2018/16xxx/CVE-2018-16580.json | 34 ++--- 2018/17xxx/CVE-2018-17069.json | 120 ++++++++--------- 2018/17xxx/CVE-2018-17582.json | 130 +++++++++--------- 2018/17xxx/CVE-2018-17667.json | 130 +++++++++--------- 46 files changed, 2922 insertions(+), 2922 deletions(-)
diff --git a/2003/1xxx/CVE-2003-1012.json b/2003/1xxx/CVE-2003-1012.json
index 094eea81260..2e0ba22d330 100644
--- a/2003/1xxx/CVE-2003-1012.json
+++ b/2003/1xxx/CVE-2003-1012.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html" - }, - { - "name" : "DSA-407", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-407" - }, - { - "name" : "RHSA-2004:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-001.html" - }, - { - "name" : "RHSA-2004:002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-002.html" - }, - { - "name" : "CLA-2004:801", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801" - }, - { - "name" : "MDKSA-2004:002", - "refsource" : "MANDRAKE", 
- "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:002" - }, - { - "name" : "20040103-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "oval:org.mitre.oval:def:856", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856" - }, - { - "name" : "oval:org.mitre.oval:def:10202", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202" - }, - { - "name" : "10531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10531" - }, - { - "name" : "10568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10568" - }, - { - "name" : "10570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00012.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00012.html" + }, + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "MDKSA-2004:002", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:002" + }, + { + "name": "oval:org.mitre.oval:def:10202", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202" + }, + { + "name": "RHSA-2004:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-001.html" + }, + { + "name": "10568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10568" + }, + { + "name": "oval:org.mitre.oval:def:856", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856" + }, + { + "name": "DSA-407", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-407" + }, + { + "name": "RHSA-2004:002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-002.html" + }, + { + "name": "10531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10531" + }, + { + "name": "10570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10570" + }, + { + "name": "20040103-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc" + }, + { + "name": "CLA-2004:801", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/0xxx/CVE-2004-0040.json b/2004/0xxx/CVE-2004-0040.json
index e7525e09f16..df0e803c916 100644
--- a/2004/0xxx/CVE-2004-0040.json
+++ b/2004/0xxx/CVE-2004-0040.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/163" - }, - { - "name" : "20040205 Two checkpoint fw-1/vpn-1 vulns", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107604682227031&w=2" - }, - { - "name" : "VU#873334", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/873334" - }, - { - "name" : "O-073", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-073.shtml" - }, - { - "name" : "9582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9582" - }, - { - "name" : "3821", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/3821" - }, - { - "name" : "4432", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4432" - }, - { - "name" : "vpn1-ike-bo(14150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040205 Two checkpoint fw-1/vpn-1 vulns", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107604682227031&w=2" + }, + { + "name": "VU#873334", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/873334" + }, + { + "name": "9582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9582" + }, + { + "name": "4432", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4432" + }, + { + "name": "vpn1-ike-bo(14150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14150" + }, + { + "name": "O-073", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-073.shtml" + }, + { + "name": "3821", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3821" + }, + { + "name": "20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/163" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0570.json b/2004/0xxx/CVE-2004-0570.json index 41e1b7e19c3..5b775d76e51 100644 --- a/2004/0xxx/CVE-2004-0570.json 
+++ b/2004/0xxx/CVE-2004-0570.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1027.json b/2004/1xxx/CVE-2004-1027.json index bd8d5fa4e28..92d27dac88b 100644 --- a/2004/1xxx/CVE-2004-1027.json +++ b/2004/1xxx/CVE-2004-1027.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041010 unarj dir-transversal bug (../../../..)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html" - }, - { - "name" : "DSA-628", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-628" - }, - { - "name" : "DSA-652", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-652" - }, - { - "name" : "FLSA:2272", - "refsource" : "FEDORA", - "url" : "http://lwn.net/Articles/121827/" - }, - { - "name" : "GLSA-200411-29", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200411-29.xml" - }, - { - "name" : "RHSA-2005:007", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2005-007.html" - }, - { - "name" : "unarj-directory-traversal(17684)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684" - }, - { - "name" : "11436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "unarj-directory-traversal(17684)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684" + }, + { + "name": "DSA-652", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-652" + }, + { + "name": "RHSA-2005:007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html" + }, + { + "name": "DSA-628", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-628" + }, + { + "name": "11436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11436" + }, + { + "name": "FLSA:2272", + "refsource": "FEDORA", + "url": "http://lwn.net/Articles/121827/" + }, + { + "name": "GLSA-200411-29", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml" + }, + { + "name": "20041010 unarj dir-transversal bug (../../../..)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/1xxx/CVE-2004-1383.json b/2004/1xxx/CVE-2004-1383.json
index 877ba409756..16136aecedc 100644
--- a/2004/1xxx/CVE-2004-1383.json
+++ b/2004/1xxx/CVE-2004-1383.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110312656029072&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00054-12142004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00054-12142004" - }, - { - "name" : "GLSA-200501-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml" - }, - { - "name" : "11952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11952" - }, - { - "name" : 
"phpgroupware-projectid-sql-injection(18498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpgroupware-projectid-sql-injection(18498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18498" + }, + { + "name": "20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110312656029072&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00054-12142004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00054-12142004" + }, + { + "name": "11952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11952" + }, + { + "name": "GLSA-200501-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1582.json b/2004/1xxx/CVE-2004-1582.json index e229c608ee9..0fc2315481c 100644 --- a/2004/1xxx/CVE-2004-1582.json +++ b/2004/1xxx/CVE-2004-1582.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called \"libpach\") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 Multiple vulnerabilities in BlackBoard", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109707701719659&w=2" - }, - { - "name" : "http://blackboard.unclassified.de/70,1#1031", - "refsource" : "CONFIRM", - "url" : "http://blackboard.unclassified.de/70,1#1031" - }, - { - "name" : "11336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11336" - }, - { - "name" : "12757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12757" - }, - { - "name" : "blackboard-lang-file-include(17637)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called \"libpach\") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "blackboard-lang-file-include(17637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17637" + }, + { + "name": "http://blackboard.unclassified.de/70,1#1031", + "refsource": "CONFIRM", + "url": "http://blackboard.unclassified.de/70,1#1031" + }, + { + "name": "11336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11336" + }, + { + "name": "20041006 Multiple vulnerabilities in BlackBoard", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109707701719659&w=2" + }, + { + "name": "12757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12757" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2006.json b/2004/2xxx/CVE-2004-2006.json index 0295f88e940..cb7b52332a9 100644 --- a/2004/2xxx/CVE-2004-2006.json +++ b/2004/2xxx/CVE-2004-2006.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040507 Security issue with Trend OfficeScan Corporate Edition", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108395366909344&w=2" - }, - { - "name" : "10300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10300" - }, - { - "name" : "5990", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5990" - }, - { - "name" : "11576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11576" - }, - { - "name" : "officescan-configuration-modify(16092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040507 Security issue with Trend OfficeScan Corporate Edition", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108395366909344&w=2" + }, + { + "name": "10300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10300" + }, + { + "name": "officescan-configuration-modify(16092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092" + }, + { + "name": "11576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11576" + }, + { + "name": "5990", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5990" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2328.json b/2004/2xxx/CVE-2004-2328.json index 42cb26fbb80..f297c1822e0 100644 --- a/2004/2xxx/CVE-2004-2328.json +++ b/2004/2xxx/CVE-2004-2328.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9556" - }, - { - "name" : "3742", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3742" - }, - { - "name" : "10732", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10732/" - }, - { - "name" : "mailsweeper-smtp-rar-dos(14979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive 
attached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10732", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10732/" + }, + { + "name": "3742", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3742" + }, + { + "name": "mailsweeper-smtp-rar-dos(14979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14979" + }, + { + "name": "9556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9556" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2393.json b/2004/2xxx/CVE-2004-2393.json index 96f72b2dbd2..9cfdaa97952 100644 --- a/2004/2xxx/CVE-2004-2393.json +++ b/2004/2xxx/CVE-2004-2393.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57560", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57560-1" - }, - { - "name" : "201724", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201724-1" - }, - { - "name" : "1001273", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001273.1-1" - }, - { - "name" : "10387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10387" - }, - { - "name" : "6299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6299" - }, - { - "name" : "1010193", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010193" - }, - { - "name" : "11639", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11639" - }, - { - "name" : "sun-jsse-improper-validation(16194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1001273", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001273.1-1" + }, + { + "name": "11639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11639" + }, + { + "name": "6299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6299" + }, + { + "name": "10387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10387" + }, + { + "name": "201724", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201724-1" + }, + { + "name": "sun-jsse-improper-validation(16194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16194" + }, + { + "name": "57560", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57560-1" + }, + { + "name": "1010193", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010193" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2075.json b/2008/2xxx/CVE-2008-2075.json index f8c79971607..04b08215979 100644 --- a/2008/2xxx/CVE-2008-2075.json +++ b/2008/2xxx/CVE-2008-2075.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080501 XSS in AstroCam", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491513/100/0/threaded" - }, - { - "name" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup", - "refsource" : "CONFIRM", - "url" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup" - }, - { - "name" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup", - "refsource" : "CONFIRM", - "url" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup" - }, - { - "name" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126", - "refsource" : "CONFIRM", - "url" : 
"http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126" - }, - { - "name" : "http://www.wendzel.de/?sub=showpost&blogid=5&postid=56", - "refsource" : "CONFIRM", - "url" : "http://www.wendzel.de/?sub=showpost&blogid=5&postid=56" - }, - { - "name" : "28998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28998" - }, - { - "name" : "30039", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30039" - }, - { - "name" : "3852", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3852" - }, - { - "name" : "astrocam-pic-xss(42122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup",
+ "refsource": "CONFIRM",
+ "url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup"
+ },
+ {
+ "name": "20080501 XSS in AstroCam",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/491513/100/0/threaded"
+ },
+ {
+ "name": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126",
+ "refsource": "CONFIRM",
+ "url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126"
+ },
+ {
+ "name": "http://www.wendzel.de/?sub=showpost&blogid=5&postid=56",
+ "refsource": "CONFIRM",
+ "url": "http://www.wendzel.de/?sub=showpost&blogid=5&postid=56"
+ },
+ {
+ "name": "30039",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30039"
+ },
+ {
+ "name": "28998",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/28998"
+ },
+ {
+ "name": "astrocam-pic-xss(42122)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42122"
+ },
+ {
+ "name": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup",
+ "refsource": "CONFIRM",
+ "url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup"
+ },
+ {
+ "name": "3852",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/3852"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2160.json b/2008/2xxx/CVE-2008-2160.json
index aad690e5b87..0aa48338073 100644
--- a/2008/2xxx/CVE-2008-2160.json
+++ b/2008/2xxx/CVE-2008-2160.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "948812", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/948812" - }, - { - "name" : "29147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29147" - }, - { - "name" : "ADV-2008-1469", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1469/references" - }, - { - "name" : "1020007", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020007" - }, - { - "name" : "30197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30197" - }, - { - "name" : "wince-jpeg-code-execution(42334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42334" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30197" + }, + { + "name": "29147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29147" + }, + { + "name": "948812", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/948812" + }, + { + "name": "1020007", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020007" + }, + { + "name": "ADV-2008-1469", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1469/references" + }, + { + "name": "wince-jpeg-code-execution(42334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42334" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2505.json b/2008/2xxx/CVE-2008-2505.json index bd2224c3bcb..c5cd13acf76 100644 --- a/2008/2xxx/CVE-2008-2505.json +++ b/2008/2xxx/CVE-2008-2505.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5664", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5664" - }, - { - "name" : "29332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29332" - }, - { - "name" : "weblosning-result-xss(42574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "weblosning-result-xss(42574)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42574"
+ },
+ {
+ "name": "5664",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5664"
+ },
+ {
+ "name": "29332",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29332"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2722.json b/2008/2xxx/CVE-2008-2722.json
index 3171c4d314a..eea4949f5f1 100644
--- a/2008/2xxx/CVE-2008-2722.json
+++ b/2008/2xxx/CVE-2008-2722.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.5_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.5_released" - }, - { - "name" : "FEDORA-2008-5479", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html" - }, - { - "name" : "FEDORA-2008-5576", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html" - }, - { - "name" : "29681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29681" - }, - { - "name" : "30650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30650" - }, - { - "name" : "30826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30826" - }, - { - "name" : 
"gallery-zip-archives-security-bypass(43027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30650" + }, + { + "name": "30826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30826" + }, + { + "name": "gallery-zip-archives-security-bypass(43027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43027" + }, + { + "name": "http://gallery.menalto.com/gallery_2.2.5_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.5_released" + }, + { + "name": "FEDORA-2008-5479", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html" + }, + { + "name": "FEDORA-2008-5576", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html" + }, + { + "name": "29681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29681" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6280.json b/2008/6xxx/CVE-2008-6280.json index 4efe8d1c504..68baa0222b4 100644 --- a/2008/6xxx/CVE-2008-6280.json +++ b/2008/6xxx/CVE-2008-6280.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0811-exploits/linksys-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0811-exploits/linksys-xss.txt" - }, - { - "name" : "32496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32496" - }, - { - "name" : "32877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32877" - }, - { - "name" : "linksys-wrt160n-apply-xss(46980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.org/0811-exploits/linksys-xss.txt",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/0811-exploits/linksys-xss.txt"
+ },
+ {
+ "name": "32496",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/32496"
+ },
+ {
+ "name": "linksys-wrt160n-apply-xss(46980)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46980"
+ },
+ {
+ "name": "32877",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/32877"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/6xxx/CVE-2008-6646.json b/2008/6xxx/CVE-2008-6646.json
index fd1a13ea127..2e5bb62d005 100644
--- a/2008/6xxx/CVE-2008-6646.json
+++ b/2008/6xxx/CVE-2008-6646.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491525/100/0/threaded" - }, - { - "name" : "29005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29005" - }, - { - "name" : "phpaddressbook-username-xss(42140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or 
HTML via the username parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "phpaddressbook-username-xss(42140)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42140"
+ },
+ {
+ "name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
+ },
+ {
+ "name": "29005",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29005"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1493.json b/2012/1xxx/CVE-2012-1493.json
index 688371cadb9..af83372a57a 100644
--- a/2012/1xxx/CVE-2012-1493.json
+++ b/2012/1xxx/CVE-2012-1493.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb" - }, - { - "name" : 
"https://www.trustmatta.com/advisories/MATTA-2012-002.txt", - "refsource" : "MISC", - "url" : "https://www.trustmatta.com/advisories/MATTA-2012-002.txt" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb" + }, + { + "name": "https://www.trustmatta.com/advisories/MATTA-2012-002.txt", + "refsource": "MISC", + "url": "https://www.trustmatta.com/advisories/MATTA-2012-002.txt" + }, + { + "name": "http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/" + } + ] + } +} \ 
No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5127.json b/2012/5xxx/CVE-2012-5127.json
index d3506b8bd4a..91a5846c11d 100644
--- a/2012/5xxx/CVE-2012-5127.json
+++ b/2012/5xxx/CVE-2012-5127.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=157079", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=157079" - }, - { - "name" : "56413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56413" - }, - { - "name" : "87079", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87079" - }, - { - "name" : "oval:org.mitre.oval:def:15943", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15943" - }, - { - "name" : "chrome-cve20125127-code-exec(79862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=157079", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=157079" + }, + { + "name": "oval:org.mitre.oval:def:15943", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15943" + }, + { + "name": "56413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56413" + }, + { + "name": "chrome-cve20125127-code-exec(79862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79862" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" + }, + { + "name": "87079", + "refsource": "OSVDB", + "url": "http://osvdb.org/87079" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5135.json b/2012/5xxx/CVE-2012-5135.json index bb4061d00f1..795ead3db3b 100644 --- a/2012/5xxx/CVE-2012-5135.json +++ b/2012/5xxx/CVE-2012-5135.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=159165", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=159165" - }, - { - "name" : "openSUSE-SU-2012:1637", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" - }, - { - "name" : "56684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56684" - }, - { - "name" : "87886", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87886" - }, - 
{ - "name" : "oval:org.mitre.oval:def:15768", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15768" - }, - { - "name" : "1027815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027815" - }, - { - "name" : "google-chrome-printing-code-exec(80295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-printing-code-exec(80295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80295" + }, + { + "name": "87886", + "refsource": "OSVDB", + "url": "http://osvdb.org/87886" + }, + { + "name": "openSUSE-SU-2012:1637", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:15768", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15768" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html" + }, + { + "name": "1027815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027815" + }, + { + "name": "56684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56684" + }, + { + "name": 
"https://code.google.com/p/chromium/issues/detail?id=159165", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=159165" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5844.json b/2012/5xxx/CVE-2012-5844.json index 5eed2db2ce6..49f550f1a28 100644 --- a/2012/5xxx/CVE-2012-5844.json +++ b/2012/5xxx/CVE-2012-5844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5844", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5844", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11153.json b/2017/11xxx/CVE-2017-11153.json index 9121ebd2421..951125c87d2 100644 --- a/2017/11xxx/CVE-2017-11153.json +++ b/2017/11xxx/CVE-2017-11153.json 
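Review bot: The CVE-2012-5844.json hunk writes its keys in a different order from the other records in this commit: `"data_type"`, `"data_format"` and `"data_version"` come first and `"ID"` precedes `"ASSIGNER"`, while CVE-2017-11985.json (also a stub with no `affects` block) keeps `"CVE_data_meta"` first with `"ASSIGNER"` before `"ID"`. The same reordering appears in the REJECT records CVE-2017-15481, CVE-2017-15562 and CVE-2017-8043. Key order carries no meaning in JSON, but two output layouts in one corpus produce churn on every sync and break any byte-level hash or signature taken over the files. Presumably the REJECT stubs come from a different writer; I would emit them through the same serializer, with `"CVE_data_meta": {` opening the record as elsewhere, or sort keys on output.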
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-07-31T00:00:00", - "ID" : "CVE-2017-11153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.7.3-3432 and 6.3-2967" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of Untrusted Data (CWE-502)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-07-31T00:00:00", + "ID": "CVE-2017-11153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology Photo Station", + "version": { + "version_data": [ + { + "version_value": "before 6.7.3-3432 and 6.3-2967" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42434", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42434/" - }, - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data (CWE-502)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation" + }, + { + "name": "42434", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42434/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11600.json b/2017/11xxx/CVE-2017-11600.json index 0d565d92b1f..70c7aa2a34a 100644 --- a/2017/11xxx/CVE-2017-11600.json +++ b/2017/11xxx/CVE-2017-11600.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/bugtraq/2017/Jul/30", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2017/Jul/30" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2018:1965", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1965" - }, - { - "name" : "RHSA-2018:2003", 
- "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2003" - }, - { - "name" : "SUSE-SU-2018:0011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" - }, - { - "name" : "99928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2003" + }, + { + "name": "SUSE-SU-2018:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" + }, + { + "name": "RHSA-2018:1965", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1965" + }, + { + "name": "99928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99928" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + }, + { + "name": "http://seclists.org/bugtraq/2017/Jul/30", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2017/Jul/30" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11723.json b/2017/11xxx/CVE-2017-11723.json index 8f54f734a5b..468c75f361f 100644 --- a/2017/11xxx/CVE-2017-11723.json +++ b/2017/11xxx/CVE-2017-11723.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JojoCMS/Jojo-CMS/issues/30", - "refsource" : "CONFIRM", - "url" : "https://github.com/JojoCMS/Jojo-CMS/issues/30" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JojoCMS/Jojo-CMS/issues/30", + "refsource": "CONFIRM", + "url": "https://github.com/JojoCMS/Jojo-CMS/issues/30" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11812.json b/2017/11xxx/CVE-2017-11812.json index 3ff37ab4a61..e28c537d35d 100644 --- a/2017/11xxx/CVE-2017-11812.json +++ b/2017/11xxx/CVE-2017-11812.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore and Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "ChakraCore and Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812" - }, - { - "name" : "101139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101139" - }, - { - "name" : "1039529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039529" + }, + { + "name": "101139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101139" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11985.json b/2017/11xxx/CVE-2017-11985.json index 4d584888728..6daf5e5874a 100644 --- a/2017/11xxx/CVE-2017-11985.json +++ b/2017/11xxx/CVE-2017-11985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11985", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11985", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/15xxx/CVE-2017-15481.json b/2017/15xxx/CVE-2017-15481.json index 042ea56e6cc..04193d8d208 100644 --- a/2017/15xxx/CVE-2017-15481.json +++ b/2017/15xxx/CVE-2017-15481.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15481", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15481", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15562.json b/2017/15xxx/CVE-2017-15562.json index 7b398fb1aa5..8e11e71c6ee 100644 --- a/2017/15xxx/CVE-2017-15562.json +++ b/2017/15xxx/CVE-2017-15562.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15562", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15562", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3194.json b/2017/3xxx/CVE-2017-3194.json index b539998b2b3..e041acf1f7d 100644 --- a/2017/3xxx/CVE-2017-3194.json +++ b/2017/3xxx/CVE-2017-3194.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pandora iOS App", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 8.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "Pandora Media, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295: Improper Certificate Validation" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pandora iOS App", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Pandora Media, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018" - }, - { - "name" : "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/", - "refsource" : "MISC", - "url" : "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/" - }, - { - "name" : "VU#342303", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/342303" - }, - { - "name" : "97158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#342303", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/342303" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018" + }, + { + "name": "97158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97158" + }, + { + "name": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/", + "refsource": "MISC", + "url": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3818.json b/2017/3xxx/CVE-2017-3818.json index 14af3e18ee2..ddc8545f1b4 100644 --- a/2017/3xxx/CVE-2017-3818.json +++ b/2017/3xxx/CVE-2017-3818.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco AsyncOS 9.7.1-066", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco AsyncOS 9.7.1-066" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Filtering Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco AsyncOS 9.7.1-066", + "version": { + "version_data": [ + { + "version_value": "Cisco AsyncOS 9.7.1-066" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1" - }, - { - "name" : "95939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95939" - }, - { - "name" : "1037773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Filtering Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1" + }, + { + "name": "95939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95939" + }, + { + "name": "1037773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037773" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8043.json b/2017/8xxx/CVE-2017-8043.json index 8798f461252..a2556a9600d 100644 --- a/2017/8xxx/CVE-2017-8043.json +++ b/2017/8xxx/CVE-2017-8043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8043", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-8043", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8378.json b/2017/8xxx/CVE-2017-8378.json index 404c8164e32..c28ce08342a 100644 --- a/2017/8xxx/CVE-2017-8378.json +++ b/2017/8xxx/CVE-2017-8378.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects", - "refsource" : "MISC", - "url" : "https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects", + "refsource": "MISC", + "url": "https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12156.json b/2018/12xxx/CVE-2018-12156.json index 7d31cf200e7..1241ffc2d12 100644 --- a/2018/12xxx/CVE-2018-12156.json +++ b/2018/12xxx/CVE-2018-12156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12472.json b/2018/12xxx/CVE-2018-12472.json index 5d69b7a33e8..33921cd5102 100644 --- a/2018/12xxx/CVE-2018-12472.json +++ b/2018/12xxx/CVE-2018-12472.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2018-09-27T00:00:00.000Z", - "ID" : "CVE-2018-12472", - "STATE" : "PUBLIC", - "TITLE" : "Authentication bypass in sibling check" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SMT", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.0.37" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE Linux" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Jake Miller" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 7.3, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287: Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-09-27T00:00:00.000Z", + "ID": "CVE-2018-12472", + "STATE": "PUBLIC", + "TITLE": "Authentication bypass in sibling check" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SMT", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.0.37" + } + ] + } + } + ] + }, + "vendor_name": "SUSE Linux" + } ] - } - ] - }, - "references" : { - 
"reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1104076", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1104076" - } - ] - }, - "source" : { - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1104076" - ], - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Jake Miller" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1104076", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1104076" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12739.json b/2018/12xxx/CVE-2018-12739.json index de90ace72fa..3a01d205f73 100644 --- a/2018/12xxx/CVE-2018-12739.json +++ b/2018/12xxx/CVE-2018-12739.json 
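Review bot: The version entry on the new side of CVE-2018-12472.json keeps the comparison operator under `"affected": "<"`, while CVE-2018-16080.json in this same commit uses `"version_affected": "<"` for the same meaning. A consumer that reads only one of the two keys would take `3.0.37` as the affected release rather than as the first fixed one, so it would flag patched SMT installs and miss the older, vulnerable ones. If `version_affected` is the key the 4.0 format expects (worth confirming against the schema), the line should read `"version_affected": "<",`; otherwise ingest code has to accept both spellings.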
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44952", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44952/" - }, - { - "name" : "https://www.cnblogs.com/v1vvwv/p/9226389.html", - "refsource" : "MISC", - "url" : "https://www.cnblogs.com/v1vvwv/p/9226389.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44952", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44952/" + }, + { + "name": "https://www.cnblogs.com/v1vvwv/p/9226389.html", + "refsource": "MISC", + "url": "https://www.cnblogs.com/v1vvwv/p/9226389.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12835.json b/2018/12xxx/CVE-2018-12835.json index 90049e4d225..0ca0562f1c2 100644 --- a/2018/12xxx/CVE-2018-12835.json +++ b/2018/12xxx/CVE-2018-12835.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105443" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105443" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13029.json b/2018/13xxx/CVE-2018-13029.json index a257ece9e09..e7fd766b588 100644 --- a/2018/13xxx/CVE-2018-13029.json +++ b/2018/13xxx/CVE-2018-13029.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13179.json b/2018/13xxx/CVE-2018-13179.json index 29530cd0c94..8d0012b3ac9 100644 --- a/2018/13xxx/CVE-2018-13179.json +++ b/2018/13xxx/CVE-2018-13179.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Air-Contact 
Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13688.json b/2018/13xxx/CVE-2018-13688.json index df8845ced18..0efff84e2e3 100644 --- a/2018/13xxx/CVE-2018-13688.json +++ b/2018/13xxx/CVE-2018-13688.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MallToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MallToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MallToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MallToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13805.json b/2018/13xxx/CVE-2018-13805.json index 4e7ae177342..73388180d2a 100644 --- a/2018/13xxx/CVE-2018-13805.json +++ b/2018/13xxx/CVE-2018-13805.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-10-09T00:00:00", - "ID" : "CVE-2018-13805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC ET 200SP Open Controller", - "version" : { - "version_data" : [ - { - "version_value" : "All versions >= V2.0" - } - ] - } - }, - { - "product_name" : "SIMATIC S7-1500 Software Controller", - "version" : { - "version_data" : [ - { - "version_value" : "All versions >= V2.0 and < V2.5" - } - ] - } - }, - { - "product_name" : "SIMATIC S7-1500 incl. F", - "version" : { - "version_data" : [ - { - "version_value" : "All versions >= V2.0 and < V2.5" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-10-09T00:00:00", + "ID": "CVE-2018-13805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC ET 200SP Open Controller", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.0" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.0 and < V2.5" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 incl. F", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.0 and < V2.5" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. 
An attacker could use this vulnerability to compromise availability of the network connectivity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16062.json b/2018/16xxx/CVE-2018-16062.json index 343caaf4815..99f3f5e254c 100644 --- a/2018/16xxx/CVE-2018-16062.json +++ b/2018/16xxx/CVE-2018-16062.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23541" - }, - { - "name" : "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", + "refsource": "MISC", + "url": "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23541" + }, + { + "name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16080.json b/2018/16xxx/CVE-2018-16080.json index 6e9f2fc4480..0edf6c4caf1 100644 --- a/2018/16xxx/CVE-2018-16080.json +++ b/2018/16xxx/CVE-2018-16080.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-16080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-16080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/858929", - "refsource" : "MISC", - "url" : "https://crbug.com/858929" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:2666", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2666" - }, - { - "name" : 
"105215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105215" + }, + { + "name": "https://crbug.com/858929", + "refsource": "MISC", + "url": "https://crbug.com/858929" + }, + { + "name": "RHSA-2018:2666", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2666" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16121.json b/2018/16xxx/CVE-2018-16121.json index 07ec73cffec..c6232eac2b3 100644 --- a/2018/16xxx/CVE-2018-16121.json +++ b/2018/16xxx/CVE-2018-16121.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16121", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16121", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16207.json b/2018/16xxx/CVE-2018-16207.json index 6eb5d9c7a60..a506326d068 100644 --- a/2018/16xxx/CVE-2018-16207.json +++ b/2018/16xxx/CVE-2018-16207.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16207",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16207",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16580.json b/2018/16xxx/CVE-2018-16580.json
index c99c581b251..07022af5033 100644
--- a/2018/16xxx/CVE-2018-16580.json
+++ b/2018/16xxx/CVE-2018-16580.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16580",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16580",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17069.json b/2018/17xxx/CVE-2018-17069.json
index b56dafc3000..42645246361 100644
--- a/2018/17xxx/CVE-2018-17069.json
+++ b/2018/17xxx/CVE-2018-17069.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17069",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17069",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/unlcms/UNL-CMS/issues/941",
- "refsource" : "MISC",
- "url" : "https://github.com/unlcms/UNL-CMS/issues/941"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/unlcms/UNL-CMS/issues/941",
+ "refsource": "MISC",
+ "url": "https://github.com/unlcms/UNL-CMS/issues/941"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17582.json b/2018/17xxx/CVE-2018-17582.json
index 90c3c3e260e..e383ef5f821 100644
--- a/2018/17xxx/CVE-2018-17582.json
+++ b/2018/17xxx/CVE-2018-17582.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17582",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17582",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay",
- "refsource" : "MISC",
- "url" : "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay"
- },
- {
- "name" : "https://github.com/appneta/tcpreplay/issues/484",
- "refsource" : "MISC",
- "url" : "https://github.com/appneta/tcpreplay/issues/484"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/appneta/tcpreplay/issues/484",
+ "refsource": "MISC",
+ "url": "https://github.com/appneta/tcpreplay/issues/484"
+ },
+ {
+ "name": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay",
+ "refsource": "MISC",
+ "url": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17667.json b/2018/17xxx/CVE-2018-17667.json
index c16cc42867b..f57380bf27b 100644
--- a/2018/17xxx/CVE-2018-17667.json
+++ b/2018/17xxx/CVE-2018-17667.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-17667",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.2.0.9297"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6521."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-416: Use After Free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-17667",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.2.0.9297"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1171/",
- "refsource" : "MISC",
- "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1171/"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6521."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1171/",
+ "refsource": "MISC",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1171/"
+ }
+ ]
+ }
+}
\ No newline at end of file