diff --git a/2004/0xxx/CVE-2004-0168.json b/2004/0xxx/CVE-2004-0168.json index 7d25954abf4..90b36ba2693 100644 --- a/2004/0xxx/CVE-2004-0168.json +++ b/2004/0xxx/CVE-2004-0168.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to \"notification logging.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-02-23", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" - }, - { - "name" : "10959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10959/" - }, - { - "name" : "macos-corefoundation-unknown(15299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to \"notification logging.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10959/" + }, + { + "name": "APPLE-SA-2004-02-23", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" + }, + { + "name": "macos-corefoundation-unknown(15299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15299" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0299.json b/2004/0xxx/CVE-2004-0299.json index 8a4bd2440ec..9de53775d5c 100644 --- a/2004/0xxx/CVE-2004-0299.json +++ b/2004/0xxx/CVE-2004-0299.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of \"/\" (slash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040217 Smallftpd 1.0.3 DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107714207708375&w=2" - }, - { - "name" : "9684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9684" - }, - { - "name" : "smallftpd-forwardslash-dos(15262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of \"/\" (slash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9684" + }, + { + "name": "smallftpd-forwardslash-dos(15262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15262" + }, + { + "name": "20040217 Smallftpd 1.0.3 DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107714207708375&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0338.json b/2004/0xxx/CVE-2004-0338.json index c60adfa3a91..2e1e0c2629b 100644 --- a/2004/0xxx/CVE-2004-0338.json +++ b/2004/0xxx/CVE-2004-0338.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040228 Invision Power Board SQL injection!", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107799527428834&w=2" - }, - { - "name" : "invision-search-sql-injection(15343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343" - }, - { - "name" : "9766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9766" + }, + { + "name": "invision-search-sql-injection(15343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343" + }, + { + "name": "20040228 Invision Power Board SQL injection!", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107799527428834&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0472.json b/2004/0xxx/CVE-2004-0472.json index 0e0a79b1d3b..e1a1b1dfa4c 100644 --- a/2004/0xxx/CVE-2004-0472.json +++ b/2004/0xxx/CVE-2004-0472.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0472", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a reservation duplicate of CVE-2004-0434. Notes: All CVE users should reference CVE-2004-0434 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0472", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a reservation duplicate of CVE-2004-0434. Notes: All CVE users should reference CVE-2004-0434 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0696.json b/2004/0xxx/CVE-2004-0696.json index 81a32fa212e..a3554dbe324 100644 --- a/2004/0xxx/CVE-2004-0696.json +++ b/2004/0xxx/CVE-2004-0696.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a \"*\" (asterisk) character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A071304-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a071304-1.txt" - }, - { - "name" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt", - "refsource" : "MISC", - "url" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt" - }, - { - "name" : "10721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10721" - }, - { - "name" : "4dwebstar-view-directory-listing(16687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a \"*\" (asterisk) character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A071304-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a071304-1.txt" + }, + { + "name": "4dwebstar-view-directory-listing(16687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16687" + }, + { + "name": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt", + "refsource": "MISC", + "url": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt" + }, + { + "name": "10721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10721" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0964.json b/2004/0xxx/CVE-2004-0964.json index 873711999f4..20e6ae34812 100644 --- a/2004/0xxx/CVE-2004-0964.json +++ b/2004/0xxx/CVE-2004-0964.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040924 Buffer overflow in Zinf 2.2.1 for Win32", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109608092609200&w=2" - }, - { - "name" : "20040927 Re: Buffer overflow in Zinf 2.2.1 for Win32+exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109638486728548&w=2" - }, - { - "name" : "DSA-587", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-587" - }, - { - "name" : "11248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11248" - }, - { - "name" : "12656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12656" - }, - { - "name" : "8341", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8341" - }, - { - "name" : "zinf-pls-bo(17491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040927 Re: Buffer overflow in Zinf 2.2.1 for Win32+exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109638486728548&w=2" + }, + { + "name": "11248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11248" + }, + { + "name": "12656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12656" + }, + { + "name": "20040924 Buffer overflow in Zinf 2.2.1 for Win32", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109608092609200&w=2" + }, + { + "name": "8341", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8341" + }, + { + "name": "zinf-pls-bo(17491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17491" + }, + { + "name": "DSA-587", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-587" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1046.json b/2004/1xxx/CVE-2004-1046.json index a010807449d..b296c67717c 100644 --- a/2004/1xxx/CVE-2004-1046.json +++ b/2004/1xxx/CVE-2004-1046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1075.json b/2004/1xxx/CVE-2004-1075.json index 51cb4b9fd75..f8df8ac01c6 100644 --- a/2004/1xxx/CVE-2004-1075.json +++ b/2004/1xxx/CVE-2004-1075.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110138568212036&w=2" - }, - { - "name" : "20041126 Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110149122529761&w=2" - }, - { - "name" : "http://zwiki.org/925ZwikiXSSVulnerability", - "refsource" : "CONFIRM", - "url" : "http://zwiki.org/925ZwikiXSSVulnerability" - }, - { - "name" : "GLSA-200412-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-23.xml" - }, - { - "name" : "11745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11745" - }, - { - "name" : "zwiki-link-xss(18237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11745" + }, + { + "name": "20041124 STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110138568212036&w=2" + }, + { + "name": "20041126 Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110149122529761&w=2" + }, + { + "name": "http://zwiki.org/925ZwikiXSSVulnerability", + "refsource": "CONFIRM", + "url": "http://zwiki.org/925ZwikiXSSVulnerability" + }, + { + "name": "zwiki-link-xss(18237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18237" + }, + { + "name": "GLSA-200412-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-23.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1629.json b/2004/1xxx/CVE-2004-1629.json index 6533383e875..3dc1c642e9c 100644 --- a/2004/1xxx/CVE-2004-1629.json +++ b/2004/1xxx/CVE-2004-1629.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041023 dwc_articles possible sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109855895702903&w=2" - }, - { - "name" : "11509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11509" - }, - { - "name" : "dwc-articles-sql-injection(17830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dwc-articles-sql-injection(17830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17830" + }, + { + "name": "20041023 dwc_articles possible sql injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109855895702903&w=2" + }, + { + "name": "11509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11509" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2454.json b/2004/2xxx/CVE-2004-2454.json index bfba0c025c0..d5695d7a81c 100644 --- a/2004/2xxx/CVE-2004-2454.json +++ b/2004/2xxx/CVE-2004-2454.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=976450&group_id=54091&atid=472655", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=976450&group_id=54091&atid=472655" - }, - { - "name" : "8123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8123" - }, - { - "name" : "1010555", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010555" - }, - { - "name" : "amsn-hotlog-obtain-passwords(16479)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010555", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010555" + }, + { + "name": "8123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8123" + }, + { + "name": "amsn-hotlog-obtain-passwords(16479)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16479" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=976450&group_id=54091&atid=472655", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=976450&group_id=54091&atid=472655" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2127.json b/2008/2xxx/CVE-2008-2127.json index 39d7c3d63d7..4fb281ece0f 100644 --- a/2008/2xxx/CVE-2008-2127.json +++ b/2008/2xxx/CVE-2008-2127.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5558", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5558" - }, - { - "name" : "29099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29099" - }, - { - "name" : "30098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30098" - }, - { - "name" : "cmsfaethon-search-xss(42258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30098" + }, + { + "name": "cmsfaethon-search-xss(42258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42258" + }, + { + "name": "5558", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5558" + }, + { + "name": "29099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29099" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2439.json b/2008/2xxx/CVE-2008-2439.json index 0bcb328757f..e0015785d57 100644 --- a/2008/2xxx/CVE-2008-2439.json +++ b/2008/2xxx/CVE-2008-2439.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-2439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496970/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-39/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-39/" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt" - }, - { - "name" : "31531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31531" - }, - { - "name" : "1020975", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020975" - }, - { - "name" : "ADV-2008-2711", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2711" - }, - { - "name" : "ADV-2008-2712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2712" - }, - { - "name" : "31343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31343" - }, - { - "name" : "32097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32097" - }, - { - "name" : "trendmicro-tmlisten-directory-traversal(45597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2711", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2711" + }, + { + "name": "31531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31531" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt" + }, + { + "name": "1020975", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020975" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt" + }, + { + "name": "32097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32097" + }, + { + "name": "trendmicro-tmlisten-directory-traversal(45597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt" + }, + { + "name": "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496970/100/0/threaded" + }, + { + "name": "31343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31343" + }, + { + "name": "ADV-2008-2712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2712" + }, + { + "name": "http://secunia.com/secunia_research/2008-39/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-39/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2606.json b/2008/2xxx/CVE-2008-2606.json index 03bb94a5da2..7e2e14782b2 100644 --- a/2008/2xxx/CVE-2008-2606.json +++ b/2008/2xxx/CVE-2008-2606.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2586." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020495", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020495" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2586." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "1020495", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020495" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2959.json b/2008/2xxx/CVE-2008-2959.json index f266472a324..4415b499dc8 100644 --- a/2008/2xxx/CVE-2008-2959.json +++ b/2008/2xxx/CVE-2008-2959.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5851", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5851" - }, - { - "name" : "29792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29792" - }, - { - "name" : "visualbasic-vb6skit-bo(43180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5851", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5851" + }, + { + "name": "29792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29792" + }, + { + "name": "visualbasic-vb6skit-bo(43180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43180" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3005.json b/2008/3xxx/CVE-2008-3005.json index 73a6f309917..848b84b57e7 100644 --- a/2008/3xxx/CVE-2008-3005.json +++ b/2008/3xxx/CVE-2008-3005.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the \"Excel Index Array Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 Microsoft Excel FORMAT Record Invalid Array Index Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741" - }, - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043" - }, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30639" - }, - { - "name" : "oval:org.mitre.oval:def:5837", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837" - }, - { - "name" : "ADV-2008-2347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2347" - }, - { - "name" : "1020671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020671" - }, - { - "name" : "31454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the \"Excel Index Array Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "20080812 Microsoft Excel FORMAT Record Invalid Array Index Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741" + }, + { + "name": "oval:org.mitre.oval:def:5837", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "SSRT080117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "MS08-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043" + }, + { + "name": "1020671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020671" + }, + { + "name": "30639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30639" + }, + { + "name": "31454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31454" + }, + { + "name": "ADV-2008-2347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2347" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3311.json b/2008/3xxx/CVE-2008-3311.json index 3d5f4741bbf..4ddeabcbc9c 100644 --- a/2008/3xxx/CVE-2008-3311.json +++ b/2008/3xxx/CVE-2008-3311.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080721 Flip V3.0 final", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494585/100/0/threaded" - }, - { - "name" : "30312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30312" - }, - { - "name" : "4040", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4040" - }, - { - "name" : "flip-config-file-include(43943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30312" + }, + { + "name": "flip-config-file-include(43943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43943" + }, + { + "name": "20080721 Flip V3.0 final", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494585/100/0/threaded" + }, + { + "name": "4040", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4040" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3342.json b/2008/3xxx/CVE-2008-3342.json index 6d63206b680..b8f676855c6 100644 --- a/2008/3xxx/CVE-2008-3342.json +++ b/2008/3xxx/CVE-2008-3342.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080719 EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494556/100/0/threaded" - }, - { - "name" : "30307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30307" - }, - { - "name" : "ADV-2008-2164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2164/references" - }, - { - "name" : "31193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31193" - }, - { - "name" : "4050", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4050" - }, - { - "name" : "easypublish-read-xss(43919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4050", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4050" + }, + { + "name": "ADV-2008-2164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2164/references" + }, + { + "name": "30307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30307" + }, + { + "name": "easypublish-read-xss(43919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43919" + }, + { + "name": "20080719 EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494556/100/0/threaded" + }, + { + "name": "31193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31193" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3423.json b/2008/3xxx/CVE-2008-3423.json index 305ddfcc2c4..648a6b1a634 100644 --- a/2008/3xxx/CVE-2008-3423.json +++ b/2008/3xxx/CVE-2008-3423.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK67104", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104" - }, - { - "name" : "30500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30500" - }, - { - "name" : "ADV-2008-2405", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2405" - }, - { - "name" : "1020712", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020712" - }, - { - "name" : "31443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31443" - }, - { - "name" : "ibm-websphereportal-unspecified-auth-bypass(44264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020712", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020712" + }, + { + "name": "ibm-websphereportal-unspecified-auth-bypass(44264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264" + }, + { + "name": "30500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30500" + }, + { + "name": "ADV-2008-2405", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2405" + }, + { + "name": "PK67104", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104" + }, + { + "name": "31443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31443" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3764.json b/2008/3xxx/CVE-2008-3764.json index 163327cdaaa..32b8f152414 100644 --- a/2008/3xxx/CVE-2008-3764.json +++ b/2008/3xxx/CVE-2008-3764.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495542/100/0/threaded" - }, - { - "name" : "6261", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6261" - }, - { - "name" : "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt", - "refsource" : "MISC", - "url" : "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00124-08162008", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00124-08162008" - }, - { - "name" : "30729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30729" - }, - { - "name" : "31521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31521" - }, - { - "name" : "4178", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4178" - }, - { - "name" : "phplivehelper-chat-code-execution(44571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6261", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6261" + }, + { + "name": "4178", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4178" + }, + { + "name": "20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495542/100/0/threaded" + }, + { + "name": "30729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30729" + }, + { + "name": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt", + "refsource": "MISC", + "url": "http://demos.turnkeywebtools.com/phplivehelper/docs/change_log.txt" + }, + { + "name": "31521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31521" + }, + { + "name": "phplivehelper-chat-code-execution(44571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44571" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00124-08162008", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00124-08162008" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3935.json b/2008/3xxx/CVE-2008-3935.json index 0ea1f13486d..1514cbe231d 100644 --- a/2008/3xxx/CVE-2008-3935.json +++ b/2008/3xxx/CVE-2008-3935.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.d-ic.com/free/05/shop_v50.html", - "refsource" : "CONFIRM", - "url" : "http://www.d-ic.com/free/05/shop_v50.html" - }, - { - "name" : "http://www.d-ic.com/free/05/shop_v52.html", - "refsource" : "CONFIRM", - "url" : "http://www.d-ic.com/free/05/shop_v52.html" - }, - { - "name" : "JVN#79914432", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN79914432/index.html" - }, - { - "name" : "31006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31006" - }, - { - "name" : "31652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#79914432", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN79914432/index.html" + }, + { + "name": "31006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31006" + }, + { + "name": "http://www.d-ic.com/free/05/shop_v50.html", + "refsource": "CONFIRM", + "url": "http://www.d-ic.com/free/05/shop_v50.html" + }, + { + "name": "31652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31652" + }, + { + "name": "http://www.d-ic.com/free/05/shop_v52.html", + "refsource": "CONFIRM", + "url": "http://www.d-ic.com/free/05/shop_v52.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6123.json b/2008/6xxx/CVE-2008-6123.json index f1138acdf4f..c723b36d005 100644 --- a/2008/6xxx/CVE-2008-6123.json +++ b/2008/6xxx/CVE-2008-6123.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to \"source/destination IP address confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/12/2" - }, - { - "name" : "[oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/12/4" - }, - { - "name" : "[oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/12/7" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=250429", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=250429" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=485211", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=485211" - }, - { - "name" : "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367", - "refsource" : "CONFIRM", - "url" : "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367" - }, - { - "name" : "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367", - "refsource" : "MISC", - "url" : "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367" - }, - { - "name" : "RHSA-2009:0295", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0295.html" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:10289", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289" - }, - { - "name" : "1021921", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021921" - }, - { - "name" : "34499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34499" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to \"source/destination IP address confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/12/2" + }, + { + "name": "[oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/12/7" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=250429", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=250429" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=485211", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=485211" + }, + { + "name": "[oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/12/4" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "SUSE-SR:2010:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html" + }, + { + "name": "RHSA-2009:0295", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0295.html" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "34499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34499" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367", + "refsource": "CONFIRM", + "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367" + }, + { + "name": "oval:org.mitre.oval:def:10289", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289" + }, + { + "name": "1021921", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021921" + }, + { + "name": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367", + "refsource": "MISC", + "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6258.json b/2008/6xxx/CVE-2008-6258.json index 959ba3d4e96..3632511b128 100644 --- a/2008/6xxx/CVE-2008-6258.json +++ b/2008/6xxx/CVE-2008-6258.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7141", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7141" - }, - { - "name" : "32329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32329" - }, - { - "name" : "32742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32742" - }, - { - "name" : "qshop-userid-sql-injection(46649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qshop-userid-sql-injection(46649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46649" + }, + { + "name": "7141", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7141" + }, + { + "name": "32329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32329" + }, + { + "name": "32742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32742" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6558.json b/2008/6xxx/CVE-2008-6558.json index dacb2944b2c..e2d4deb468d 100644 --- a/2008/6xxx/CVE-2008-6558.json +++ b/2008/6xxx/CVE-2008-6558.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5356", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5356" - }, - { - "name" : "SCOSA-2008.3", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/unixware7/714/security/p534850/p534850.txt" - }, - { - "name" : "28624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28624" - }, - { - "name" : "46706", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46706" - }, - { - "name" : "46707", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46707" - }, - { - "name" : "30921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28624" + }, + { + "name": "5356", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5356" + }, + { + "name": "SCOSA-2008.3", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534850/p534850.txt" + }, + { + "name": "30921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30921" + }, + { + "name": "46706", + "refsource": "OSVDB", + "url": "http://osvdb.org/46706" + }, + { + "name": "46707", + "refsource": "OSVDB", + "url": "http://osvdb.org/46707" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6792.json b/2008/6xxx/CVE-2008-6792.json index ec22d056081..1f96b8a7661 100644 --- a/2008/6xxx/CVE-2008-6792.json +++ b/2008/6xxx/CVE-2008-6792.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by \"Users and Groups\" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/287134", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/287134" - }, - { - "name" : "USN-663-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-663-1" - }, - { - "name" : "50037", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50037" - }, - { - "name" : "32566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32566" - }, - { - "name" : "stb-password-weak-security(50435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by \"Users and Groups\" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50037", + "refsource": "OSVDB", + "url": "http://osvdb.org/50037" + }, + { + "name": "https://launchpad.net/bugs/287134", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/287134" + }, + { + "name": "stb-password-weak-security(50435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50435" + }, + { + "name": "USN-663-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-663-1" + }, + { + "name": "32566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32566" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7300.json b/2008/7xxx/CVE-2008-7300.json index 364b8ad185a..7fb431d5e53 100644 --- a/2008/7xxx/CVE-2008-7300.json +++ b/2008/7xxx/CVE-2008-7300.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "240099", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240099-1" - }, - { - "name" : "30602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30602" - }, - { - "name" : "31412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30602" + }, + { + "name": "31412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31412" + }, + { + "name": "240099", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240099-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2008.json b/2013/2xxx/CVE-2013-2008.json index 12aae291f0c..bd5395fe58e 100644 --- a/2013/2xxx/CVE-2013-2008.json +++ b/2013/2xxx/CVE-2013-2008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2087.json b/2013/2xxx/CVE-2013-2087.json index f45e6a924d1..182fc35595b 100644 --- a/2013/2xxx/CVE-2013-2087.json +++ b/2013/2xxx/CVE-2013-2087.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130513 CVE request: Gallery multiple XSS vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/13/2" - }, - { - "name" : "[oss-security] 20130514 Re: CVE request: Gallery multiple XSS vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/14/1" - }, - { - "name" : "http://galleryproject.org/gallery_3_0_7", - "refsource" : "CONFIRM", - "url" : "http://galleryproject.org/gallery_3_0_7" - }, - { - "name" : "http://sourceforge.net/apps/trac/gallery/ticket/2064", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/apps/trac/gallery/ticket/2064" - }, - { - "name" : "59469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59469" - }, - { - "name" : "92691", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92691" - }, - { - "name" : "92740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/apps/trac/gallery/ticket/2064", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/apps/trac/gallery/ticket/2064" + }, + { + "name": "[oss-security] 20130514 Re: CVE request: Gallery multiple XSS vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/14/1" + }, + { + "name": "[oss-security] 20130513 CVE request: Gallery multiple XSS vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/13/2" + }, + { + "name": "92691", + "refsource": "OSVDB", + "url": "http://osvdb.org/92691" + }, + { + "name": "59469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59469" + }, + { + "name": "92740", + "refsource": "OSVDB", + "url": "http://osvdb.org/92740" + }, + { + "name": "http://galleryproject.org/gallery_3_0_7", + "refsource": "CONFIRM", + "url": "http://galleryproject.org/gallery_3_0_7" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2557.json b/2013/2xxx/CVE-2013-2557.json index b13c030f5bd..98247e6a659 100644 --- a/2013/2xxx/CVE-2013-2557.json +++ b/2013/2xxx/CVE-2013-2557.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", - "refsource" : "MISC", - "url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" - }, - { - "name" : "http://twitter.com/VUPEN/statuses/309713355466227713", - "refsource" : "MISC", - "url" : "http://twitter.com/VUPEN/statuses/309713355466227713" - }, - { - "name" : "http://twitter.com/thezdi/statuses/309756927301283840", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/309756927301283840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://twitter.com/VUPEN/statuses/309713355466227713", + "refsource": "MISC", + "url": "http://twitter.com/VUPEN/statuses/309713355466227713" + }, + { + "name": "http://twitter.com/thezdi/statuses/309756927301283840", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/309756927301283840" + }, + { + "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", + "refsource": "MISC", + "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11077.json b/2017/11xxx/CVE-2017-11077.json index 2d45919d4fd..a8682cc7ae3 100644 --- a/2017/11xxx/CVE-2017-11077.json +++ b/2017/11xxx/CVE-2017-11077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11682.json b/2017/11xxx/CVE-2017-11682.json index 630d5d8a6ec..3e31bbf77d8 100644 --- a/2017/11xxx/CVE-2017-11682.json +++ b/2017/11xxx/CVE-2017-11682.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s3inlc/hashtopussy/issues/241", - "refsource" : "MISC", - "url" : "https://github.com/s3inlc/hashtopussy/issues/241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/s3inlc/hashtopussy/issues/241", + "refsource": "MISC", + "url": "https://github.com/s3inlc/hashtopussy/issues/241" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11832.json b/2017/11xxx/CVE-2017-11832.json index dd738195087..8118ba73bb7 100644 --- a/2017/11xxx/CVE-2017-11832.json +++ b/2017/11xxx/CVE-2017-11832.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Graphics Component", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-11835." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Graphics Component", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832" - }, - { - "name" : "101726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101726" - }, - { - "name" : "1039782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-11835." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832" + }, + { + "name": "1039782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039782" + }, + { + "name": "101726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101726" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11867.json b/2017/11xxx/CVE-2017-11867.json index fafd4c078a1..91f58c394bb 100644 --- a/2017/11xxx/CVE-2017-11867.json +++ b/2017/11xxx/CVE-2017-11867.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11867", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11867", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11940.json b/2017/11xxx/CVE-2017-11940.json index 258a5734ad8..6ca63199c90 100644 --- a/2017/11xxx/CVE-2017-11940.json +++ b/2017/11xxx/CVE-2017-11940.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Malware Protection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\". This is different than CVE-2017-11937." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Malware Protection Engine", + "version": { + "version_data": [ + { + "version_value": "Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940" - }, - { - "name" : "102104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102104" - }, - { - "name" : "1039972", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\". This is different than CVE-2017-11937." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940" + }, + { + "name": "1039972", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039972" + }, + { + "name": "102104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102104" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14335.json b/2017/14xxx/CVE-2017-14335.json index 07417ad9ad4..5ff61fdb496 100644 --- a/2017/14xxx/CVE-2017-14335.json +++ b/2017/14xxx/CVE-2017-14335.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.securiteam.com/index.php/archives/3420", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.securiteam.com/index.php/archives/3420", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3420" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14500.json b/2017/14xxx/CVE-2017-14500.json index 8ca1e4b3df2..3bc3c3461cb 100644 --- a/2017/14xxx/CVE-2017-14500.json +++ b/2017/14xxx/CVE-2017-14500.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/09/16/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/09/16/1" - }, - { - "name" : "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333", - "refsource" : "MISC", - "url" : "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333" - }, - { - "name" : "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260", - "refsource" : "MISC", - "url" : "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260" - }, - { - "name" : "https://github.com/akrennmair/newsbeuter/issues/598", - "refsource" : "MISC", - "url" : "https://github.com/akrennmair/newsbeuter/issues/598" - }, - { - "name" : "DSA-3977", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3977", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3977" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/09/16/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/09/16/1" + }, + { + "name": "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260", + "refsource": "MISC", + "url": "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260" + }, + { + "name": "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333", + "refsource": "MISC", + "url": "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333" + }, + { + "name": "https://github.com/akrennmair/newsbeuter/issues/598", + "refsource": "MISC", + "url": "https://github.com/akrennmair/newsbeuter/issues/598" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14614.json b/2017/14xxx/CVE-2017-14614.json index afef73eee72..5ac5ca1cd47 100644 --- a/2017/14xxx/CVE-2017-14614.json +++ b/2017/14xxx/CVE-2017-14614.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20171005 [CVE-2017-14614] GridGain Visor GUI Console - File System Path Traversal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/10/05/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20171005 [CVE-2017-14614] GridGain Visor GUI Console - File System Path Traversal", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/10/05/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14930.json b/2017/14xxx/CVE-2017-14930.json index 1558db0242f..b1e83139906 100644 --- a/2017/14xxx/CVE-2017-14930.json +++ b/2017/14xxx/CVE-2017-14930.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22191", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22191", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15403.json b/2017/15xxx/CVE-2017-15403.json index 5a182b2d4d6..99dd700e104 100644 --- a/2017/15xxx/CVE-2017-15403.json +++ b/2017/15xxx/CVE-2017-15403.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2017-15403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "61.0.3163.113" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Script injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "61.0.3163.113" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/766271", - "refsource" : "MISC", - "url" : "https://crbug.com/766271" - }, - { - "name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Script injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/766271", + "refsource": "MISC", + "url": "https://crbug.com/766271" + }, + { + "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15408.json b/2017/15xxx/CVE-2017-15408.json index acc3865c1b5..1bd3e8c2803 100644 --- a/2017/15xxx/CVE-2017-15408.json +++ b/2017/15xxx/CVE-2017-15408.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 63.0.3239.84 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 63.0.3239.84 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 63.0.3239.84 unknown", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 63.0.3239.84 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/762374", - "refsource" : "MISC", - "url" : "https://crbug.com/762374" - }, - { - "name" : "DSA-4064", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4064" - }, - { - "name" : "GLSA-201801-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-03" - }, - { - "name" : "RHSA-2017:3401", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3401", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3401" + }, + { + "name": "https://crbug.com/762374", + "refsource": "MISC", + "url": "https://crbug.com/762374" + }, + { + "name": "GLSA-201801-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-03" + }, + { + "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" + }, + { + "name": "DSA-4064", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4064" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15669.json b/2017/15xxx/CVE-2017-15669.json index a028bdeda5b..673c9be3626 100644 --- a/2017/15xxx/CVE-2017-15669.json +++ b/2017/15xxx/CVE-2017-15669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15669", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8993.json b/2017/8xxx/CVE-2017-8993.json index 63211c571b9..e9c9e2ec021 100644 --- a/2017/8xxx/CVE-2017-8993.json +++ b/2017/8xxx/CVE-2017-8993.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-09T00:00:00", - "ID" : "CVE-2017-8993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Project and Portfolio Management (PPM)", - "version" : { - "version_data" : [ - { - "version_value" : "v9.30, v9.31, v9.32, v9.40" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-09T00:00:00", + "ID": "CVE-2017-8993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Project and Portfolio Management (PPM)", + "version": { + "version_data": [ + { + "version_value": "v9.30, v9.31, v9.32, v9.40" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us" - }, - { - "name" : "100087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100087" - }, - { - "name" : "1039065", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100087" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us" + }, + { + "name": "1039065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039065" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9240.json b/2017/9xxx/CVE-2017-9240.json index 258cdb50e26..34fe4d2369c 100644 --- a/2017/9xxx/CVE-2017-9240.json +++ b/2017/9xxx/CVE-2017-9240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000091.json b/2018/1000xxx/CVE-2018-1000091.json index 55bc811f0da..3b512f3f7c9 100644 --- a/2018/1000xxx/CVE-2018-1000091.json +++ b/2018/1000xxx/CVE-2018-1000091.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/15/2018 1:25:01", - "ID" : "CVE-2018-1000091", - "REQUESTER" : "sajeeb.lohani@bulletproof.sh", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "KadNode", - "version" : { - "version_data" : [ - { - "version_value" : "version 2.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "KadNode" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KadNode version version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/15/2018 1:25:01", + "ID": "CVE-2018-1000091", + "REQUESTER": "sajeeb.lohani@bulletproof.sh", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mwarning/KadNode/issues/79", - "refsource" : "MISC", - "url" : "https://github.com/mwarning/KadNode/issues/79" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KadNode version version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mwarning/KadNode/issues/79", + "refsource": "MISC", + "url": "https://github.com/mwarning/KadNode/issues/79" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000865.json b/2018/1000xxx/CVE-2018-1000865.json index 50f92a64a48..3daa1522a9d 100644 --- a/2018/1000xxx/CVE-2018-1000865.json +++ b/2018/1000xxx/CVE-2018-1000865.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-09T22:41:05.610667", - "ID" : "CVE-2018-1000865", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Script Security Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.47 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-184, CWE-693" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-09T22:41:05.610667", + "ID": "CVE-2018-1000865", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186" - }, - { - "name" : "RHBA-2019:0326", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2019:0326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186" + }, + { + "name": "RHBA-2019:0326", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2019:0326" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12097.json b/2018/12xxx/CVE-2018-12097.json index 29a28d3e9ce..d6cc0a31efe 100644 --- a/2018/12xxx/CVE-2018-12097.json +++ b/2018/12xxx/CVE-2018-12097.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180614 liblnk 20180419 vulns", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jun/33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180614 liblnk 20180419 vulns", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jun/33" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12112.json b/2018/12xxx/CVE-2018-12112.json index 2b2defe0843..22695834a45 100644 --- a/2018/12xxx/CVE-2018-12112.json +++ b/2018/12xxx/CVE-2018-12112.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mity/md4c/issues/42", - "refsource" : "MISC", - "url" : "https://github.com/mity/md4c/issues/42" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mity/md4c/issues/42", + "refsource": "MISC", + "url": "https://github.com/mity/md4c/issues/42" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12349.json b/2018/12xxx/CVE-2018-12349.json index ebaf3af5db1..24242bb6351 100644 --- a/2018/12xxx/CVE-2018-12349.json +++ b/2018/12xxx/CVE-2018-12349.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12349", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12349", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12800.json b/2018/12xxx/CVE-2018-12800.json index 77cb6ea03a3..adf09d8e73e 100644 --- a/2018/12xxx/CVE-2018-12800.json +++ b/2018/12xxx/CVE-2018-12800.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12800", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12800", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13387.json b/2018/13xxx/CVE-2018-13387.json index d0974232bac..81883d8ee75 100644 --- a/2018/13xxx/CVE-2018-13387.json +++ b/2018/13xxx/CVE-2018-13387.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-07-13T00:00:00", - "ID" : "CVE-2018-13387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.7" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.7.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.8.0" - }, - { - "version_affected" : "<", - "version_value" : "7.8.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.9.0" - }, - { - "version_affected" : "<", - "version_value" : "7.9.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.10.0" - }, - { - "version_affected" : "<", - "version_value" : "7.10.2" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-07-13T00:00:00", + "ID": "CVE-2018-13387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.7" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.7.5" + }, + { + "version_affected": ">=", + "version_value": "7.8.0" + }, + { + "version_affected": "<", + "version_value": "7.8.5" + }, + { + "version_affected": ">=", + "version_value": "7.9.0" + }, + { + "version_affected": "<", + "version_value": "7.9.3" + }, + { + "version_affected": ">=", + "version_value": "7.10.0" + }, + { + "version_affected": "<", + "version_value": "7.10.2" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-67526", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-67526" - }, - { - "name" : "104890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104890" + }, + { + "name": "https://jira.atlassian.com/browse/JRASERVER-67526", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-67526" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13719.json b/2018/13xxx/CVE-2018-13719.json index d94083a03d5..d48d70ad963 100644 --- a/2018/13xxx/CVE-2018-13719.json +++ b/2018/13xxx/CVE-2018-13719.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BiteduToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BiteduToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BiteduToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BiteduToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13771.json b/2018/13xxx/CVE-2018-13771.json index f2890edb731..1cf28387cd8 100644 --- a/2018/13xxx/CVE-2018-13771.json +++ b/2018/13xxx/CVE-2018-13771.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExacoreContract", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExacoreContract" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExacoreContract", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExacoreContract" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16185.json b/2018/16xxx/CVE-2018-16185.json index a785a9f4e45..a317a622c19 100644 --- a/2018/16xxx/CVE-2018-16185.json +++ b/2018/16xxx/CVE-2018-16185.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RICOH Interactive Whiteboard", - "version" : { - "version_data" : [ - { - "version_value" : "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)" - } - ] - } - } - ] - }, - "vendor_name" : "RICOH COMPANY, LTD." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Firmware file is not signed" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ricoh.com/info/2018/1127_1.html", - "refsource" : "MISC", - "url" : "https://www.ricoh.com/info/2018/1127_1.html" - }, - { - "name" : "JVN#55263945", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN55263945/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Firmware file is not signed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#55263945", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + }, + { + "name": "https://www.ricoh.com/info/2018/1127_1.html", + "refsource": "MISC", + "url": "https://www.ricoh.com/info/2018/1127_1.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16389.json b/2018/16xxx/CVE-2018-16389.json index cc8e6a8e599..5461fd9c061 100644 --- a/2018/16xxx/CVE-2018-16389.json +++ b/2018/16xxx/CVE-2018-16389.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0", - "refsource" : "MISC", - "url" : "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" - }, - { - "name" : "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27", - "refsource" : "CONFIRM", - "url" : "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27", + "refsource": "CONFIRM", + "url": "https://github.com/e107inc/e107/commit/ec483e9379aa622bfcc1b853b189c74288771f27" + }, + { + "name": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0", + "refsource": "MISC", + "url": "https://gist.github.com/ommadawn46/51e08e13e6980dcbcffb4322c29b93d0" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16399.json b/2018/16xxx/CVE-2018-16399.json index 10a7bd076ec..464bb794bfa 100644 --- a/2018/16xxx/CVE-2018-16399.json +++ b/2018/16xxx/CVE-2018-16399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16637.json b/2018/16xxx/CVE-2018-16637.json index 6bc20efda4d..bc5fd1f2a83 100644 --- a/2018/16xxx/CVE-2018-16637.json +++ b/2018/16xxx/CVE-2018-16637.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16939.json b/2018/16xxx/CVE-2018-16939.json index f2af656fa49..f0f41bb042c 100644 --- a/2018/16xxx/CVE-2018-16939.json +++ b/2018/16xxx/CVE-2018-16939.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4063.json b/2018/4xxx/CVE-2018-4063.json index 117650afa4c..42b8f12c524 100644 --- a/2018/4xxx/CVE-2018-4063.json +++ b/2018/4xxx/CVE-2018-4063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4411.json b/2018/4xxx/CVE-2018-4411.json index b58b0cf0eaa..5d8252cac96 100644 --- a/2018/4xxx/CVE-2018-4411.json +++ b/2018/4xxx/CVE-2018-4411.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4943.json b/2018/4xxx/CVE-2018-4943.json index 12c8355186b..bf51bebdaee 100644 --- a/2018/4xxx/CVE-2018-4943.json +++ b/2018/4xxx/CVE-2018-4943.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe PhoneGap Push Plugin 1.8.0 earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe PhoneGap Push Plugin 1.8.0 earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Same-Origin Method Execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe PhoneGap Push Plugin 1.8.0 earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe PhoneGap Push Plugin 1.8.0 earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/phonegap/apsb18-15.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/phonegap/apsb18-15.html" - }, - { - "name" : "103710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Same-Origin Method Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/phonegap/apsb18-15.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/phonegap/apsb18-15.html" + }, + { + "name": "103710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103710" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7419.json b/2019/7xxx/CVE-2019-7419.json index 9779e1e63e4..01c9fb33dbb 100644 --- a/2019/7xxx/CVE-2019-7419.json +++ b/2019/7xxx/CVE-2019-7419.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7419", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/leftmenu.sws\" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html" + }, + { + "url": "http://www.samsungprinter.com/", + "refsource": "MISC", + "name": "http://www.samsungprinter.com/" + }, + { + "url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx", + "refsource": "MISC", + "name": "http://www.samsung.com/Support/ProductSupport/download/index.aspx" + }, + { + "refsource": "FULLDISC", + "name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service", + "url": "http://seclists.org/fulldisclosure/2019/Feb/28" } ] }