diff --git a/2003/0xxx/CVE-2003-0638.json b/2003/0xxx/CVE-2003-0638.json index 68cdf7e1bc5..98b1b9826de 100644 --- a/2003/0xxx/CVE-2003-0638.json +++ b/2003/0xxx/CVE-2003-0638.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a \"special script against login.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030606 NOVL-2003-2966207 - iChain 2.1 Field Patch 3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105492847631711&w=2" - }, - { - "name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a \"special script against login.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" + }, + { + "name": "20030606 NOVL-2003-2966207 - iChain 2.1 Field Patch 3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105492847631711&w=2" + }, + { + "name": "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105492852131747&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0657.json b/2003/0xxx/CVE-2003-0657.json index 2ba2b71c434..60c6c8c7eb6 100644 --- a/2003/0xxx/CVE-2003-0657.json +++ b/2003/0xxx/CVE-2003-0657.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-365" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0921.json b/2003/0xxx/CVE-2003-0921.json index 6ae1df269be..218db11ffd8 100644 --- a/2003/0xxx/CVE-2003-0921.json +++ b/2003/0xxx/CVE-2003-0921.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0921", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0921", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1281.json b/2003/1xxx/CVE-2003-1281.json index bbd6977c88b..5fa81dbec0f 100644 --- a/2003/1xxx/CVE-2003-1281.json +++ b/2003/1xxx/CVE-2003-1281.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030107 Multiple cgihtml vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305469" - }, - { - "name" : "6552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6552" - }, - { - "name" : "cgihtml-tmpfile-symlink(11023)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11023.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cgihtml-tmpfile-symlink(11023)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11023.php" + }, + { + "name": "6552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6552" + }, + { + "name": "20030107 Multiple cgihtml vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305469" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1477.json b/2003/1xxx/CVE-2003-1477.json index 8dc86bab68d..bcaaa3387a9 100644 --- a/2003/1xxx/CVE-2003-1477.json +++ b/2003/1xxx/CVE-2003-1477.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains \"embedded objects.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", - "refsource" : "CONFIRM", - "url" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm" - }, - { - "name" : "7562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7562" - }, - { - "name" : "mailsweeper-powerpoint-file-dos(12052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains \"embedded objects.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7562" + }, + { + "name": "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", + "refsource": "CONFIRM", + "url": "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm" + }, + { + "name": "mailsweeper-powerpoint-file-dos(12052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12052" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1579.json b/2003/1xxx/CVE-2003-1579.json index 2bff7f143cf..c1495089b88 100644 --- a/2003/1xxx/CVE-2003-1579.json +++ b/2003/1xxx/CVE-2003-1579.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030304 Log corruption on multiple webservers, log analyzers,...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313867" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0723.json b/2004/0xxx/CVE-2004-0723.json index 4517b97a2a1..6a0b2a673be 100644 --- a/2004/0xxx/CVE-2004-0723.json +++ b/2004/0xxx/CVE-2004-0723.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the \"GET/Key\" and \"PUT/Key/Value\" commands, aka \"cross-site Java.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040710 Covert Channels allow Cross-Site-Java in Microsoft VM", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108948405808522&w=2" - }, - { - "name" : "10688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10688" - }, - { - "name" : "msjvm-sandbox-bypass(16666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the \"GET/Key\" and \"PUT/Key/Value\" commands, aka \"cross-site Java.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "msjvm-sandbox-bypass(16666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16666" + }, + { + "name": "10688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10688" + }, + { + "name": "20040710 Covert Channels allow Cross-Site-Java in Microsoft VM", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108948405808522&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0724.json b/2004/0xxx/CVE-2004-0724.json index 8cd98d4bbb4..a5235ec989f 100644 --- a/2004/0xxx/CVE-2004-0724.json +++ b/2004/0xxx/CVE-2004-0724.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040712 Remote crash of Half-Life servers and clients (versions before the 07 July 2004)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108966465302107&w=2" - }, - { - "name" : "10700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10700" - }, - { - "name" : "halflife-packet-dos(16674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040712 Remote crash of Half-Life servers and clients (versions before the 07 July 2004)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108966465302107&w=2" + }, + { + "name": "halflife-packet-dos(16674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16674" + }, + { + "name": "10700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10700" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0813.json b/2004/0xxx/CVE-2004-0813.json index 215bcdddacd..978e8d09474 100644 --- a/2004/0xxx/CVE-2004-0813.json +++ b/2004/0xxx/CVE-2004-0813.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" - }, - { - "name" : "http://lkml.org/lkml/2004/7/30/147", - "refsource" : "MISC", - "url" : "http://lkml.org/lkml/2004/7/30/147" - }, - { - "name" : "GLSA-200711-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-23.xml" - }, - { - "name" : "RHSA-2007:0465", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0465.html" - }, - { - "name" : "20070602-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc" - }, - { - "name" : "25749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25749" - }, - { - "name" : "oval:org.mitre.oval:def:10011", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10011" - }, - { - "name" : "ADV-2007-3229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3229" - }, - { - "name" : "25631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25631" - }, - { - "name" : "25894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25894" - }, - { - "name" : "26909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26909" - }, - { - "name" : "27706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27706" - }, - { - "name" : "linux-sgio-gain-privileges(17505)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" + }, + { + "name": "GLSA-200711-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml" + }, + { + "name": "25894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25894" + }, + { + "name": "ADV-2007-3229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3229" + }, + { + "name": "RHSA-2007:0465", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0465.html" + }, + { + "name": "http://lkml.org/lkml/2004/7/30/147", + "refsource": "MISC", + "url": "http://lkml.org/lkml/2004/7/30/147" + }, + { + "name": "oval:org.mitre.oval:def:10011", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10011" + }, + { + "name": "25749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25749" + }, + { + "name": "26909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26909" + }, + { + "name": "27706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27706" + }, + { + "name": "linux-sgio-gain-privileges(17505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17505" + }, + { + "name": "20070602-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc" + }, + { + "name": "25631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25631" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0916.json b/2004/0xxx/CVE-2004-0916.json index 2e8aac08f6c..259d1ba7b7c 100644 --- a/2004/0xxx/CVE-2004-0916.json +++ b/2004/0xxx/CVE-2004-0916.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-574", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-574" - }, - { - "name" : "http://www.kyz.uklinux.net/cabextract.php#changes", - "refsource" : "CONFIRM", - "url" : "http://www.kyz.uklinux.net/cabextract.php#changes" - }, - { - "name" : "12882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12882/" - }, - { - "name" : "11460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11460" - }, - { - "name" : "cabextract-directory-traversal(17766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kyz.uklinux.net/cabextract.php#changes", + "refsource": "CONFIRM", + "url": "http://www.kyz.uklinux.net/cabextract.php#changes" + }, + { + "name": "12882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12882/" + }, + { + "name": "DSA-574", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-574" + }, + { + "name": "cabextract-directory-traversal(17766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17766" + }, + { + "name": "11460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11460" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1548.json b/2004/1xxx/CVE-2004-1548.json index d161583fe11..3ce2052c59f 100644 --- a/2004/1xxx/CVE-2004-1548.json +++ b/2004/1xxx/CVE-2004-1548.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040923 Multiple vulnerabilities in ActivePost Standard 3.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109597139011373&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/actp-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/actp-adv.txt" - }, - { - "name" : "11244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11244" - }, - { - "name" : "1011406", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011406" - }, - { - "name" : "12642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12642/" - }, - { - "name" : "activepost-dotdot-directory-traversal(17488)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "activepost-dotdot-directory-traversal(17488)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17488" + }, + { + "name": "20040923 Multiple vulnerabilities in ActivePost Standard 3.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109597139011373&w=2" + }, + { + "name": "12642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12642/" + }, + { + "name": "http://aluigi.altervista.org/adv/actp-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/actp-adv.txt" + }, + { + "name": "11244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11244" + }, + { + "name": "1011406", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011406" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2169.json b/2004/2xxx/CVE-2004-2169.json index 24f1d519542..292198c003c 100644 --- a/2004/2xxx/CVE-2004-2169.json +++ b/2004/2xxx/CVE-2004-2169.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/A-A-S/AAS1_0_3.TXT", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/A-A-S/AAS1_0_3.TXT" - }, - { - "name" : "10762", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10762/" - }, - { - "name" : "aas-longhttp-request-dos(15003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.lycos.co.uk/r34ct/main/A-A-S/AAS1_0_3.TXT", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/A-A-S/AAS1_0_3.TXT" + }, + { + "name": "10762", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10762/" + }, + { + "name": "aas-longhttp-request-dos(15003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15003" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2506.json b/2004/2xxx/CVE-2004-2506.json index 10ebf2241ab..68d1aeac901 100644 --- a/2004/2xxx/CVE-2004-2506.json +++ b/2004/2xxx/CVE-2004-2506.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=231421", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=231421" - }, - { - "name" : "5401", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5401" - }, - { - "name" : "11394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11394" - }, - { - "name" : "wikindx-configinc-obtain-information(15885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wikindx-configinc-obtain-information(15885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15885" + }, + { + "name": "5401", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5401" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=231421", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=231421" + }, + { + "name": "11394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11394" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2652.json b/2004/2xxx/CVE-2004-2652.json index 717f54a62ad..230718ac636 100644 --- a/2004/2xxx/CVE-2004-2652.json +++ b/2004/2xxx/CVE-2004-2652.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html", - "refsource" : "MISC", - "url" : "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html" - }, - { - "name" : "http://www.frsirt.com/exploits/20041222.angelDust.c.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/exploits/20041222.angelDust.c.php" - }, - { - "name" : "http://www.securiteam.com/exploits/6X00L20C0S.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/6X00L20C0S.html" - }, - { - "name" : "http://www.snort.org/arc_news/", - "refsource" : "CONFIRM", - "url" : "http://www.snort.org/arc_news/" - }, - { - "name" : "12084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12084" - }, - { - "name" : "12578", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12578" - }, - { - "name" : "1012656", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012656" - }, - { - "name" : "13664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13664" - }, - { - "name" : "snort-tcpip-printing-dos(18689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012656", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012656" + }, + { + "name": "http://www.frsirt.com/exploits/20041222.angelDust.c.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php" + }, + { + "name": "snort-tcpip-printing-dos(18689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689" + }, + { + "name": "12084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12084" + }, + { + "name": "http://www.securiteam.com/exploits/6X00L20C0S.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/6X00L20C0S.html" + }, + { + "name": "12578", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12578" + }, + { + "name": "http://www.snort.org/arc_news/", + "refsource": "CONFIRM", + "url": "http://www.snort.org/arc_news/" + }, + { + "name": "13664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13664" + }, + { + "name": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html", + "refsource": "MISC", + "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2008.json b/2008/2xxx/CVE-2008-2008.json index cf0358a4a1e..cd07970a31d 100644 --- a/2008/2xxx/CVE-2008-2008.json +++ b/2008/2xxx/CVE-2008-2008.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080424 Trillian 3.1 basic nick crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491281/100/0/threaded" - }, - { - "name" : "28925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28925" - }, - { - "name" : "ADV-2008-1368", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1368/references" - }, - { - "name" : "29952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29952" - }, - { - "name" : "3849", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29952" + }, + { + "name": "3849", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3849" + }, + { + "name": "28925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28925" + }, + { + "name": "ADV-2008-1368", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1368/references" + }, + { + "name": "20080424 Trillian 3.1 basic nick crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491281/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2206.json b/2008/2xxx/CVE-2008-2206.json index 92b9d0a87f2..9495bb45751 100644 --- a/2008/2xxx/CVE-2008-2206.json +++ b/2008/2xxx/CVE-2008-2206.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080503 Maian Music v1.1 Multiple Vulnerabilities (Xss/SQL Injection)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491590/100/0/threaded" - }, - { - "name" : "29032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29032" - }, - { - "name" : "30066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30066" - }, - { - "name" : "3884", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3884" - }, - { - "name" : "maian-music-index-footer-xss(42210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29032" + }, + { + "name": "maian-music-index-footer-xss(42210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42210" + }, + { + "name": "3884", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3884" + }, + { + "name": "30066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30066" + }, + { + "name": "20080503 Maian Music v1.1 Multiple Vulnerabilities (Xss/SQL Injection)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491590/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2357.json b/2008/2xxx/CVE-2008-2357.json index 9ebba11d59d..28f101f8ee6 100644 --- a/2008/2xxx/CVE-2008-2357.json +++ b/2008/2xxx/CVE-2008-2357.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492260/100/0/threaded" - }, - { - "name" : "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2008/May/0488.html" - }, - { - "name" : "[oss-security] 20080521 Re: CVE request: mtr", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/05/21/1" - }, - { - "name" : "[oss-security] 20080521 Re: CVE request: mtr", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/05/21/3" - }, - { - "name" : "[oss-security] 20080521 Re: CVE request: mtr", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/05/21/4" - }, - { - "name" : "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2558", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2558" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175" - }, - { - "name" : "DSA-1587", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1587" - }, - { - "name" : "GLSA-200806-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-01.xml" - }, - { - "name" : "MDVSA-2008:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "29290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29290" - }, - { - "name" : "1020046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020046" - }, - { - "name" : "30312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30312" - }, - { - "name" : "30340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30340" - }, - { - "name" : "30522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30522" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "30359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30359" - }, - { - "name" : "3903", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3903" - }, - { - "name" : "mtr-splitredraw-bo(42535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30340" + }, + { + "name": "30522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30522" + }, + { + "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded" + }, + { + "name": "30312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30312" + }, + { + "name": "MDVSA-2008:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176" + }, + { + "name": "29290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29290" + }, + { + "name": "GLSA-200806-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-01.xml" + }, + { + "name": "[oss-security] 20080521 Re: CVE request: mtr", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/05/21/3" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "30359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30359" + }, + { + "name": "mtr-splitredraw-bo(42535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535" + }, + { + "name": "[oss-security] 20080521 Re: CVE request: mtr", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/05/21/4" + }, + { + "name": "3903", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3903" + }, + { + "name": "DSA-1587", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1587" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175" + }, + { + "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2008/May/0488.html" + }, + { + "name": "[oss-security] 20080521 Re: CVE request: mtr", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/05/21/1" + }, + { + "name": "1020046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020046" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2558", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2558" + }, + { + "name": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff", + "refsource": "CONFIRM", + "url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2968.json b/2008/2xxx/CVE-2008-2968.json index 36b5e2035b6..e7ac3a24445 100644 --- a/2008/2xxx/CVE-2008-2968.json +++ b/2008/2xxx/CVE-2008-2968.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493472/100/0/threaded" - }, - { - "name" : "http://www.bugreport.ir/?/44", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/?/44" - }, - { - "name" : "29813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29813" - }, - { - "name" : "30763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30763" - }, - { - "name" : "3959", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3959" - }, - { - "name" : "academicwebtools-rating-sql-injection(43177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493472/100/0/threaded" + }, + { + "name": "30763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30763" + }, + { + "name": "http://www.bugreport.ir/?/44", + "refsource": "MISC", + "url": "http://www.bugreport.ir/?/44" + }, + { + "name": "academicwebtools-rating-sql-injection(43177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43177" + }, + { + "name": "3959", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3959" + }, + { + "name": "29813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29813" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6700.json b/2008/6xxx/CVE-2008-6700.json index 9a8c71e0d35..75270248b7a 100644 --- a/2008/6xxx/CVE-2008-6700.json +++ b/2008/6xxx/CVE-2008-6700.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5797", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5797" - }, - { - "name" : "29700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29700" - }, - { - "name" : "butterfly-mytable-xss(43066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5797", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5797" + }, + { + "name": "29700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29700" + }, + { + "name": "butterfly-mytable-xss(43066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6823.json b/2008/6xxx/CVE-2008-6823.json index 1b5b03e62b9..28320871db1 100644 --- a/2008/6xxx/CVE-2008-6823.json +++ b/2008/6xxx/CVE-2008-6823.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081031 A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497997/100/0/threaded" - }, - { - "name" : "6899", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6899" - }, - { - "name" : "http://www.louhinetworks.fi/advisory/alink_081028.txt", - "refsource" : "MISC", - "url" : "http://www.louhinetworks.fi/advisory/alink_081028.txt" - }, - { - "name" : "http://www.a-link.com/WL54AP3.html", - "refsource" : "CONFIRM", - "url" : "http://www.a-link.com/WL54AP3.html" - }, - { - "name" : "32008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32008" - }, - { - "name" : "49465", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/49465" - }, - { - "name" : "49466", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49466" - }, - { - "name" : "32421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32421" - }, - { - "name" : "wl54ap3-wl54ap2-domain-name-xss(46255)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46255" - }, - { - "name" : "wl54ap3-wl54ap2-interface-csrf(46256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wl54ap3-wl54ap2-domain-name-xss(46255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46255" + }, + { + "name": "wl54ap3-wl54ap2-interface-csrf(46256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46256" + }, + { + "name": "49466", + "refsource": "OSVDB", + "url": "http://osvdb.org/49466" + }, + { + "name": "32008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32008" + }, + { + "name": "49465", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/49465" + }, + { + "name": "20081031 A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497997/100/0/threaded" + }, + { + "name": "6899", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6899" + }, + { + "name": "32421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32421" + }, + { + "name": "http://www.louhinetworks.fi/advisory/alink_081028.txt", + "refsource": "MISC", + "url": "http://www.louhinetworks.fi/advisory/alink_081028.txt" + }, + { + "name": "http://www.a-link.com/WL54AP3.html", + "refsource": "CONFIRM", + "url": "http://www.a-link.com/WL54AP3.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1034.json b/2012/1xxx/CVE-2012-1034.json index e3bec9e3cea..6d01ba6bd1f 100644 --- a/2012/1xxx/CVE-2012-1034.json +++ b/2012/1xxx/CVE-2012-1034.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/", - "refsource" : "CONFIRM", - "url" : "http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/" - }, - { - "name" : "http://world.episerver.com/PageFiles/110367/BugList.txt", - "refsource" : "CONFIRM", - "url" : "http://world.episerver.com/PageFiles/110367/BugList.txt" - }, - { - "name" : "51877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51877" - }, - { - "name" : "47910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51877" + }, + { + "name": "47910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47910" + }, + { + "name": "http://world.episerver.com/PageFiles/110367/BugList.txt", + "refsource": "CONFIRM", + "url": "http://world.episerver.com/PageFiles/110367/BugList.txt" + }, + { + "name": "http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/", + "refsource": "CONFIRM", + "url": "http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1036.json b/2012/1xxx/CVE-2012-1036.json index 80a5f75ddf1..a2c8ba77900 100644 --- a/2012/1xxx/CVE-2012-1036.json +++ b/2012/1xxx/CVE-2012-1036.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-002", - "refsource" : "MISC", - "url" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-002" - }, - { - "name" : "http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://technet.microsoft.com/en-us/security/msvr/msvr12-002", + "refsource": "MISC", + "url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-002" + }, + { + "name": "http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx", + "refsource": "CONFIRM", + "url": "http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1617.json b/2012/1xxx/CVE-2012-1617.json index d76a9f4a4ad..8086ffa24cc 100644 --- a/2012/1xxx/CVE-2012-1617.json +++ b/2012/1xxx/CVE-2012-1617.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120307 OSClass directory traversal (leads to arbitrary file upload)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html" - }, - { - "name" : "[oss-security] 20120402 CVE request: OSClass directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/02/1" - }, - { - "name" : "[oss-security] 20120402 Re: CVE request: OSClass directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/02/6" - }, - { - "name" : "[oss-security] 20120403 Re: CVE request: OSClass directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/03/1" - }, - { - "name" : "[oss-security] 20120404 Re: CVE request: OSClass directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/04/7" - }, - { - "name" : "http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability", - "refsource" : "MISC", - "url" : "http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability" - }, - { - "name" : "http://osclass.org/2012/03/05/osclass-2-3-6/", - "refsource" : "CONFIRM", - "url" : "http://osclass.org/2012/03/05/osclass-2-3-6/" - }, - { - "name" : "https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b", - "refsource" : "CONFIRM", - "url" : "https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b" - }, - { - "name" : "https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a", - "refsource" : "CONFIRM", - "url" : "https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a" - }, - { - "name" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1", - "refsource" : "CONFIRM", - "url" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1" - }, - { - "name" : "52336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52336" - }, - { - "name" : "48284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48284" - }, - { - "name" : "osclass-directory-traversal(73754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73754" - }, - { - "name" : "osclass-file-upload(73755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120307 OSClass directory traversal (leads to arbitrary file upload)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html" + }, + { + "name": "48284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48284" + }, + { + "name": "[oss-security] 20120403 Re: CVE request: OSClass directory traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/03/1" + }, + { + "name": "https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a", + "refsource": "CONFIRM", + "url": "https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a" + }, + { + "name": "[oss-security] 20120404 Re: CVE request: OSClass directory traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/04/7" + }, + { + "name": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1", + "refsource": "CONFIRM", + "url": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1" + }, + { + "name": "http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability", + "refsource": "MISC", + "url": "http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability" + }, + { + "name": "http://osclass.org/2012/03/05/osclass-2-3-6/", + "refsource": "CONFIRM", + "url": "http://osclass.org/2012/03/05/osclass-2-3-6/" + }, + { + "name": "52336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52336" + }, + { + "name": "[oss-security] 20120402 Re: CVE request: OSClass directory traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/02/6" + }, + { + "name": "https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b", + "refsource": "CONFIRM", + "url": "https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b" + }, + { + "name": "[oss-security] 20120402 CVE request: OSClass directory traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/02/1" + }, + { + "name": "osclass-directory-traversal(73754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73754" + }, + { + "name": "osclass-file-upload(73755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73755" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1746.json b/2012/1xxx/CVE-2012-1746.json index 3f7bd5f388f..15b559bfd69 100644 --- a/2012/1xxx/CVE-2012-1746.json +++ b/2012/1xxx/CVE-2012-1746.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54507" - }, - { - "name" : "83947", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83947" - }, - { - "name" : "1027260", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027260", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027260" + }, + { + "name": "83947", + "refsource": "OSVDB", + "url": "http://osvdb.org/83947" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "54507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54507" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5178.json b/2012/5xxx/CVE-2012-5178.json index ea54878da8e..8da4d9b268b 100644 --- a/2012/5xxx/CVE-2012-5178.json +++ b/2012/5xxx/CVE-2012-5178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-5178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.welcart.com/community/archives/4524", - "refsource" : "CONFIRM", - "url" : "http://www.welcart.com/community/archives/4524" - }, - { - "name" : "JVN#53269985", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN53269985/index.html" - }, - { - "name" : "JVNDB-2012-000109", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.welcart.com/community/archives/4524", + "refsource": "CONFIRM", + "url": "http://www.welcart.com/community/archives/4524" + }, + { + "name": "JVN#53269985", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN53269985/index.html" + }, + { + "name": "JVNDB-2012-000109", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000109" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5437.json b/2012/5xxx/CVE-2012-5437.json index a76cf2bd4df..7df4bdc780d 100644 --- a/2012/5xxx/CVE-2012-5437.json +++ b/2012/5xxx/CVE-2012-5437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5736.json b/2012/5xxx/CVE-2012-5736.json index a4f021f49d8..1ecbdd11af2 100644 --- a/2012/5xxx/CVE-2012-5736.json +++ b/2012/5xxx/CVE-2012-5736.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5736", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5736", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5742.json b/2012/5xxx/CVE-2012-5742.json index 2ad8dd34789..c4409081f17 100644 --- a/2012/5xxx/CVE-2012-5742.json +++ b/2012/5xxx/CVE-2012-5742.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5742", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5742", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5831.json b/2012/5xxx/CVE-2012-5831.json index 445f3f48eba..f56d26579dc 100644 --- a/2012/5xxx/CVE-2012-5831.json +++ b/2012/5xxx/CVE-2012-5831.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5831", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5831", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11058.json b/2017/11xxx/CVE-2017-11058.json index 0585a18ad26..9b47163c06c 100644 --- a/2017/11xxx/CVE-2017-11058.json +++ b/2017/11xxx/CVE-2017-11058.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11096.json b/2017/11xxx/CVE-2017-11096.json index 8b4c836e5f8..b03947f3a46 100644 --- a/2017/11xxx/CVE-2017-11096.json +++ b/2017/11xxx/CVE-2017-11096.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/25", - "refsource" : "MISC", - "url" : "https://github.com/matthiaskramm/swftools/issues/25" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/25", + "refsource": "MISC", + "url": "https://github.com/matthiaskramm/swftools/issues/25" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11163.json b/2017/11xxx/CVE-2017-11163.json index f7c2f66bb8a..9edb7f46d92 100644 --- a/2017/11xxx/CVE-2017-11163.json +++ b/2017/11xxx/CVE-2017-11163.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Cacti/cacti/issues/847", - "refsource" : "CONFIRM", - "url" : "https://github.com/Cacti/cacti/issues/847" - }, - { - "name" : "1038908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038908" + }, + { + "name": "https://github.com/Cacti/cacti/issues/847", + "refsource": "CONFIRM", + "url": "https://github.com/Cacti/cacti/issues/847" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11659.json b/2017/11xxx/CVE-2017-11659.json index 999af8d6fcb..15c87335ad1 100644 --- a/2017/11xxx/CVE-2017-11659.json +++ b/2017/11xxx/CVE-2017-11659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11659", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11659", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11722.json b/2017/11xxx/CVE-2017-11722.json index a77a6640854..6be8ace6912 100644 --- a/2017/11xxx/CVE-2017-11722.json +++ b/2017/11xxx/CVE-2017-11722.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e", - "refsource" : "MISC", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e", + "refsource": "MISC", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11880.json b/2017/11xxx/CVE-2017-11880.json index 83eeb1062f1..baedb8fd119 100644 --- a/2017/11xxx/CVE-2017-11880.json +++ b/2017/11xxx/CVE-2017-11880.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11831." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Kernel", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880" - }, - { - "name" : "101755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101755" - }, - { - "name" : "1039782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11831." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101755" + }, + { + "name": "1039782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039782" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15121.json b/2017/15xxx/CVE-2017-15121.json index 26bc90325fd..fe0590bedec 100644 --- a/2017/15xxx/CVE-2017-15121.json +++ b/2017/15xxx/CVE-2017-15121.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-12-05T00:00:00", - "ID" : "CVE-2017-15121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Red Hat Enterprise Linux", - "version" : { - "version_data" : [ - { - "version_value" : "6, 7" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-12-05T00:00:00", + "ID": "CVE-2017-15121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "6, 7" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1520893", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1520893" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "RHSA-2018:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1854" - }, - { - "name" : "102128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893" + }, + { + "name": "RHSA-2018:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1854" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "102128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102128" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3062.json b/2017/3xxx/CVE-2017-3062.json index 2619b75e214..1e3c0ae50b4 100644 --- a/2017/3xxx/CVE-2017-3062.json +++ b/2017/3xxx/CVE-2017-3062.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.127 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.127 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.127 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.127 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html" - }, - { - "name" : "GLSA-201704-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-04" - }, - { - "name" : "RHSA-2017:0934", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0934" - }, - { - "name" : "97551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97551" - }, - { - "name" : "1038225", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201704-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-04" + }, + { + "name": "1038225", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038225" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html" + }, + { + "name": "RHSA-2017:0934", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0934" + }, + { + "name": "97551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97551" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3082.json b/2017/3xxx/CVE-2017-3082.json index b3e7de09b70..3f2379cd6ec 100644 --- a/2017/3xxx/CVE-2017-3082.json +++ b/2017/3xxx/CVE-2017-3082.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.171 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.171 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.171 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1439" - }, - { - "name" : "99025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99025" - }, - { - "name" : "1038655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" + }, + { + "name": "99025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99025" + }, + { + "name": "1038655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038655" + }, + { + "name": "RHSA-2017:1439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1439" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3215.json b/2017/3xxx/CVE-2017-3215.json index cfd4178d39d..eaefb18c161 100644 --- a/2017/3xxx/CVE-2017-3215.json +++ b/2017/3xxx/CVE-2017-3215.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ONE-KEY", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Milwaukee Tool" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-613" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ONE-KEY", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Milwaukee Tool" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://duo.com/blog/bug-hunting-drilling-into-the-internet-of-things-iot", - "refsource" : "MISC", - "url" : "https://duo.com/blog/bug-hunting-drilling-into-the-internet-of-things-iot" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://duo.com/blog/bug-hunting-drilling-into-the-internet-of-things-iot", + "refsource": "MISC", + "url": "https://duo.com/blog/bug-hunting-drilling-into-the-internet-of-things-iot" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3681.json b/2017/3xxx/CVE-2017-3681.json index 7bc20ea0fb2..e14c09d3294 100644 --- a/2017/3xxx/CVE-2017-3681.json +++ b/2017/3xxx/CVE-2017-3681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3703.json b/2017/3xxx/CVE-2017-3703.json index 6ae0a52b6f2..2398c0732c4 100644 --- a/2017/3xxx/CVE-2017-3703.json +++ b/2017/3xxx/CVE-2017-3703.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3703", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3703", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7201.json b/2017/7xxx/CVE-2017-7201.json index b0987cbe172..88c4ee892ad 100644 --- a/2017/7xxx/CVE-2017-7201.json +++ b/2017/7xxx/CVE-2017-7201.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7201", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8559.json b/2017/8xxx/CVE-2017-8559.json index b58b71d34d7..5b9cd2ad528 100644 --- a/2017/8xxx/CVE-2017-8559.json +++ b/2017/8xxx/CVE-2017-8559.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Exchange" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability\". This CVE ID is unique from CVE-2017-8560." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.", + "version": { + "version_data": [ + { + "version_value": "Microsoft Exchange" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8559", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8559" - }, - { - "name" : "99448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99448" - }, - { - "name" : "1038852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability\". This CVE ID is unique from CVE-2017-8560." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99448" + }, + { + "name": "1038852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038852" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8559", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8559" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8855.json b/2017/8xxx/CVE-2017-8855.json index 014d4ddee83..1fa1130e417 100644 --- a/2017/8xxx/CVE-2017-8855.json +++ b/2017/8xxx/CVE-2017-8855.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable", - "refsource" : "CONFIRM", - "url" : "https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable", + "refsource": "CONFIRM", + "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8900.json b/2017/8xxx/CVE-2017-8900.json index e0d550e908a..94af5e941e1 100644 --- a/2017/8xxx/CVE-2017-8900.json +++ b/2017/8xxx/CVE-2017-8900.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/1663157", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1663157" - }, - { - "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html", - "refsource" : "CONFIRM", - "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html" - }, - { - "name" : "https://www.ubuntu.com/usn/usn-3285-1/", - "refsource" : "CONFIRM", - "url" : "https://www.ubuntu.com/usn/usn-3285-1/" - }, - { - "name" : "98554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98554" + }, + { + "name": "https://www.ubuntu.com/usn/usn-3285-1/", + "refsource": "CONFIRM", + "url": "https://www.ubuntu.com/usn/usn-3285-1/" + }, + { + "name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html", + "refsource": "CONFIRM", + "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html" + }, + { + "name": "https://launchpad.net/bugs/1663157", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1663157" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10335.json b/2018/10xxx/CVE-2018-10335.json index 28e1f2a7235..17a6ab89aa2 100644 --- a/2018/10xxx/CVE-2018-10335.json +++ b/2018/10xxx/CVE-2018-10335.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10335", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10335", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10516.json b/2018/10xxx/CVE-2018-10516.json index 96ee88d484a..f248eb3e7a0 100644 --- a/2018/10xxx/CVE-2018-10516.json +++ b/2018/10xxx/CVE-2018-10516.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CMS Made Simple (CMSMS) through 2.2.7, the \"file rename\" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CMS Made Simple (CMSMS) through 2.2.7, the \"file rename\" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/itodaro/cmsms_cve/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/itodaro/cmsms_cve/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10768.json b/2018/10xxx/CVE-2018-10768.json index 6e63641d1b7..a7a4efca2c3 100644 --- a/2018/10xxx/CVE-2018-10768.json +++ b/2018/10xxx/CVE-2018-10768.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=106408", - "refsource" : "MISC", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=106408" - }, - { - "name" : "RHSA-2018:3140", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3140" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "USN-3647-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3647-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=106408", + "refsource": "MISC", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408" + }, + { + "name": "[debian-lts-announce] 20181031 [SECURITY] [DLA 1562-1] poppler security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html" + }, + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "USN-3647-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3647-1/" + }, + { + "name": "RHSA-2018:3140", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3140" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10911.json b/2018/10xxx/CVE-2018-10911.json index 469bb235149..35f7ed59531 100644 --- a/2018/10xxx/CVE-2018-10911.json +++ b/2018/10xxx/CVE-2018-10911.json @@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs:", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs:", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" + "lang": "eng", + "value": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value." - } - ] - }, - "impact" : { - "cvss" : [ - [ + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911" - }, - { - "name" : "https://review.gluster.org/#/c/glusterfs/+/21067/", - "refsource" : "CONFIRM", - "url" : "https://review.gluster.org/#/c/glusterfs/+/21067/" - }, - { - "name" : "RHSA-2018:2607", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2607" - }, - { - "name" : "RHSA-2018:2608", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2608" - }, - { - "name" : "RHSA-2018:2892", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2892" - }, - { - "name" : "RHSA-2018:3242", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3242" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - } - ] - } -} + ] + }, + "references": { + "reference_data": [ + { + "name": "https://review.gluster.org/#/c/glusterfs/+/21067/", + "refsource": "CONFIRM", + "url": "https://review.gluster.org/#/c/glusterfs/+/21067/" + }, + { + "name": "RHSA-2018:2607", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2607" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911" + }, + { + "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" + }, + { + "name": "RHSA-2018:2608", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2608" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + }, + { + "name": "RHSA-2018:2892", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2892" + }, + { + "name": "RHSA-2018:3242", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3242" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12383.json b/2018/12xxx/CVE-2018-12383.json index 675b5aec472..0bd6b063b98 100644 --- a/2018/12xxx/CVE-2018-12383.json +++ b/2018/12xxx/CVE-2018-12383.json @@ -1,170 +1,170 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "62" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.2.1" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "62" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.2.1" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-20/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-23/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-23/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-25/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-25/" - }, - { - "name" : "DSA-4304", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4304" - }, - { - "name" : "DSA-4327", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4327" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:2834", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2834" - }, - { - "name" : "RHSA-2018:2835", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2835" - }, - { - "name" : "RHSA-2018:3403", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3403" - }, - { - "name" : "RHSA-2018:3458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3458" - }, - { - "name" : "USN-3761-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3761-1/" - }, - { - "name" : "USN-3793-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3793-1/" - }, - { - "name" : "105276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105276" - }, - { - "name" : "1041610", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041610" - }, - { - "name" : "1041701", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775" + }, + { + "name": "DSA-4327", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4327" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-23/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/" + }, + { + "name": "RHSA-2018:2835", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2835" + }, + { + "name": "RHSA-2018:3403", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3403" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/" + }, + { + "name": "1041610", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041610" + }, + { + "name": "105276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105276" + }, + { + "name": "1041701", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041701" + }, + { + "name": "RHSA-2018:3458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3458" + }, + { + "name": "DSA-4304", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4304" + }, + { + "name": "RHSA-2018:2834", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2834" + }, + { + "name": "USN-3793-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3793-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-25/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/" + }, + { + "name": "USN-3761-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3761-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12420.json b/2018/12xxx/CVE-2018-12420.json index 6c9521b43c7..310aa5c63a6 100644 --- a/2018/12xxx/CVE-2018-12420.json +++ b/2018/12xxx/CVE-2018-12420.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gamonoid/icehrm/commit/025a8283ab5d679ff99a6b82398e4c8efed1ad9d", - "refsource" : "CONFIRM", - "url" : "https://github.com/gamonoid/icehrm/commit/025a8283ab5d679ff99a6b82398e4c8efed1ad9d" - }, - { - "name" : "https://github.com/gamonoid/icehrm/releases/tag/v23.0.1.OS", - "refsource" : "CONFIRM", - "url" : "https://github.com/gamonoid/icehrm/releases/tag/v23.0.1.OS" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gamonoid/icehrm/commit/025a8283ab5d679ff99a6b82398e4c8efed1ad9d", + "refsource": "CONFIRM", + "url": "https://github.com/gamonoid/icehrm/commit/025a8283ab5d679ff99a6b82398e4c8efed1ad9d" + }, + { + "name": "https://github.com/gamonoid/icehrm/releases/tag/v23.0.1.OS", + "refsource": "CONFIRM", + "url": "https://github.com/gamonoid/icehrm/releases/tag/v23.0.1.OS" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12459.json b/2018/12xxx/CVE-2018-12459.json index 0c65d4b8691..efa323ad8fa 100644 --- a/2018/12xxx/CVE-2018-12459.json +++ b/2018/12xxx/CVE-2018-12459.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12887.json b/2018/12xxx/CVE-2018-12887.json index 20fa613dabe..e0496f5521e 100644 --- a/2018/12xxx/CVE-2018-12887.json +++ b/2018/12xxx/CVE-2018-12887.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12887", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12887", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12981.json b/2018/12xxx/CVE-2018-12981.json index 545c8c8f212..c4277ee9c72 100644 --- a/2018/12xxx/CVE-2018-12981.json +++ b/2018/12xxx/CVE-2018-12981.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45014", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45014/" - }, - { - "name" : "20180711 SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/38" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2018-010", - "refsource" : "MISC", - "url" : "https://cert.vde.com/en-us/advisories/vde-2018-010" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02" - }, - { - "name" : "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU", - "refsource" : "CONFIRM", - "url" : "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert.vde.com/en-us/advisories/vde-2018-010", + "refsource": "MISC", + "url": "https://cert.vde.com/en-us/advisories/vde-2018-010" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02" + }, + { + "name": "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU", + "refsource": "CONFIRM", + "url": "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU" + }, + { + "name": "45014", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45014/" + }, + { + "name": "20180711 SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/38" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13160.json b/2018/13xxx/CVE-2018-13160.json index dac6aee25c3..1cd1a0e0b32 100644 --- a/2018/13xxx/CVE-2018-13160.json +++ b/2018/13xxx/CVE-2018-13160.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13317.json b/2018/13xxx/CVE-2018-13317.json index 44cc41a5a4f..93f8a641a43 100644 --- a/2018/13xxx/CVE-2018-13317.json +++ b/2018/13xxx/CVE-2018-13317.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13477.json b/2018/13xxx/CVE-2018-13477.json index bfe41028bf5..19b12d4b11d 100644 --- a/2018/13xxx/CVE-2018-13477.json +++ b/2018/13xxx/CVE-2018-13477.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CTESale", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CTESale" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CTESale", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CTESale" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13559.json b/2018/13xxx/CVE-2018-13559.json index 163c8d9e8d9..8fb53035777 100644 --- a/2018/13xxx/CVE-2018-13559.json +++ b/2018/13xxx/CVE-2018-13559.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UTCT", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UTCT" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UTCT", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UTCT" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13647.json b/2018/13xxx/CVE-2018-13647.json index faaaa413640..dfd056da863 100644 --- a/2018/13xxx/CVE-2018-13647.json +++ b/2018/13xxx/CVE-2018-13647.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrueGoldCoinToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrueGoldCoinToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrueGoldCoinToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrueGoldCoinToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13673.json b/2018/13xxx/CVE-2018-13673.json index f6344eafc13..0933f7ebc0d 100644 --- a/2018/13xxx/CVE-2018-13673.json +++ b/2018/13xxx/CVE-2018-13673.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoldTokenERC20", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoldTokenERC20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoldTokenERC20", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoldTokenERC20" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13737.json b/2018/13xxx/CVE-2018-13737.json index 011717c9721..682c3a8aebe 100644 --- a/2018/13xxx/CVE-2018-13737.json +++ b/2018/13xxx/CVE-2018-13737.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AnovaBace", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AnovaBace" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AnovaBace", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AnovaBace" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17465.json b/2018/17xxx/CVE-2018-17465.json index 6b4c9517632..c4501e3e749 100644 --- a/2018/17xxx/CVE-2018-17465.json +++ b/2018/17xxx/CVE-2018-17465.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : " 70.0.3538.67" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Uninitialized Use" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": " 70.0.3538.67" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/870226", - "refsource" : "MISC", - "url" : "https://crbug.com/870226" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4330", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4330" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:3004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3004" - }, - { - "name" : "105666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uninitialized Use" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4330", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4330" + }, + { + "name": "https://crbug.com/870226", + "refsource": "MISC", + "url": "https://crbug.com/870226" + }, + { + "name": "RHSA-2018:3004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3004" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" + }, + { + "name": "105666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105666" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17544.json b/2018/17xxx/CVE-2018-17544.json index b8dcd4e313f..0e106e68e0d 100644 --- a/2018/17xxx/CVE-2018-17544.json +++ b/2018/17xxx/CVE-2018-17544.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17544", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17544", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17847.json b/2018/17xxx/CVE-2018-17847.json index 2bb24ef2d79..cca7970a48f 100644 --- a/2018/17xxx/CVE-2018-17847.json +++ b/2018/17xxx/CVE-2018-17847.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The html package (aka x/net/html) through 2018-09-25 in Go mishandles