From 57f9429e74e8eb2639e3f513676106da0b67f4cd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:25:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0575.json | 230 +++++++-------- 2004/0xxx/CVE-2004-0835.json | 270 +++++++++--------- 2004/0xxx/CVE-2004-0992.json | 150 +++++----- 2004/1xxx/CVE-2004-1255.json | 130 ++++----- 2004/1xxx/CVE-2004-1271.json | 130 ++++----- 2004/1xxx/CVE-2004-1368.json | 180 ++++++------ 2004/1xxx/CVE-2004-1510.json | 150 +++++----- 2004/1xxx/CVE-2004-1591.json | 130 ++++----- 2008/2xxx/CVE-2008-2443.json | 160 +++++------ 2008/2xxx/CVE-2008-2784.json | 150 +++++----- 2008/3xxx/CVE-2008-3151.json | 160 +++++------ 2008/3xxx/CVE-2008-3418.json | 150 +++++----- 2008/3xxx/CVE-2008-3421.json | 150 +++++----- 2008/3xxx/CVE-2008-3953.json | 150 +++++----- 2008/3xxx/CVE-2008-3997.json | 160 +++++------ 2008/4xxx/CVE-2008-4101.json | 500 ++++++++++++++++----------------- 2008/4xxx/CVE-2008-4473.json | 200 ++++++------- 2008/4xxx/CVE-2008-4531.json | 150 +++++----- 2008/6xxx/CVE-2008-6103.json | 150 +++++----- 2008/6xxx/CVE-2008-6518.json | 140 ++++----- 2008/6xxx/CVE-2008-6920.json | 170 +++++------ 2008/6xxx/CVE-2008-6964.json | 140 ++++----- 2008/7xxx/CVE-2008-7040.json | 150 +++++----- 2008/7xxx/CVE-2008-7203.json | 140 ++++----- 2013/2xxx/CVE-2013-2443.json | 370 ++++++++++++------------ 2013/2xxx/CVE-2013-2539.json | 34 +-- 2013/2xxx/CVE-2013-2924.json | 240 ++++++++-------- 2013/6xxx/CVE-2013-6373.json | 130 ++++----- 2017/11xxx/CVE-2017-11258.json | 160 +++++------ 2017/11xxx/CVE-2017-11493.json | 34 +-- 2017/11xxx/CVE-2017-11814.json | 142 +++++----- 2017/14xxx/CVE-2017-14776.json | 34 +-- 2017/15xxx/CVE-2017-15097.json | 190 ++++++------- 2017/15xxx/CVE-2017-15149.json | 34 +-- 2017/15xxx/CVE-2017-15233.json | 34 +-- 2017/15xxx/CVE-2017-15312.json | 122 ++++---- 2017/15xxx/CVE-2017-15802.json | 120 ++++---- 2017/9xxx/CVE-2017-9267.json | 172 ++++++------ 2017/9xxx/CVE-2017-9340.json | 130 ++++----- 2017/9xxx/CVE-2017-9770.json | 120 ++++---- 2018/0xxx/CVE-2018-0985.json | 34 +-- 2018/12xxx/CVE-2018-12189.json | 122 ++++---- 2018/12xxx/CVE-2018-12216.json | 122 ++++---- 2018/12xxx/CVE-2018-12444.json | 34 +-- 2018/12xxx/CVE-2018-12823.json | 120 ++++---- 2018/12xxx/CVE-2018-12935.json | 34 +-- 2018/13xxx/CVE-2018-13792.json | 120 ++++---- 2018/16xxx/CVE-2018-16286.json | 120 ++++---- 2018/16xxx/CVE-2018-16340.json | 34 +-- 2018/16xxx/CVE-2018-16372.json | 120 ++++---- 2018/16xxx/CVE-2018-16555.json | 148 +++++----- 2018/16xxx/CVE-2018-16724.json | 120 ++++---- 2018/16xxx/CVE-2018-16841.json | 212 +++++++------- 2018/4xxx/CVE-2018-4719.json | 34 +-- 2018/4xxx/CVE-2018-4853.json | 138 ++++----- 2018/4xxx/CVE-2018-4856.json | 138 ++++----- 2018/4xxx/CVE-2018-4985.json | 140 ++++----- 57 files changed, 4023 insertions(+), 4023 deletions(-) diff --git a/2004/0xxx/CVE-2004-0575.json b/2004/0xxx/CVE-2004-0575.json index fd561bb0ba6..87aa43bee14 100644 --- a/2004/0xxx/CVE-2004-0575.json +++ b/2004/0xxx/CVE-2004-0575.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an \"unchecked buffer\" and improper length validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041013 EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=109767342326300&w=2" - }, - { - "name" : "MS04-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-034" - }, - { - "name" : "VU#649374", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/649374" - }, - { - "name" : "P-010", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-010.shtml" - }, - { - "name" : "http://www.eeye.com/html/research/advisories/AD20041012A.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/advisories/AD20041012A.html" - }, - { - "name" : "oval:org.mitre.oval:def:1053", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1053" - }, - { - "name" : "oval:org.mitre.oval:def:3913", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3913" - }, - { - "name" : "oval:org.mitre.oval:def:4276", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4276" - }, - { - "name" : "oval:org.mitre.oval:def:6397", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6397" - }, - { - "name" : "1011637", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011637" - }, - { - "name" : "win-compressed-folders-bo(17624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17624" - }, - { - "name" : "win-ms04034-patch(17659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an \"unchecked buffer\" and improper length validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011637", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011637" + }, + { + "name": "oval:org.mitre.oval:def:3913", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3913" + }, + { + "name": "20041013 EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=109767342326300&w=2" + }, + { + "name": "MS04-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-034" + }, + { + "name": "P-010", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-010.shtml" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20041012A.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20041012A.html" + }, + { + "name": "oval:org.mitre.oval:def:4276", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4276" + }, + { + "name": "oval:org.mitre.oval:def:1053", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1053" + }, + { + "name": "VU#649374", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/649374" + }, + { + "name": "win-compressed-folders-bo(17624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17624" + }, + { + "name": "win-ms04034-patch(17659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17659" + }, + { + "name": "oval:org.mitre.oval:def:6397", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6397" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0835.json b/2004/0xxx/CVE-2004-0835.json index 6dc5186649e..4f97b6f0ea8 100644 --- a/2004/0xxx/CVE-2004-0835.json +++ b/2004/0xxx/CVE-2004-0835.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html" - }, - { - "name" : "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html", - "refsource" : "CONFIRM", - "url" : "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html" - }, - { - "name" : "CLA-2004:892", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892" - }, - { - "name" : "DSA-562", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-562" - }, - { - "name" : "GLSA-200410-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml" - }, - { - "name" : "RHSA-2004:597", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-597.html" - }, - { - "name" : "RHSA-2004:611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-611.html" - }, - { - "name" : "101864", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1" - }, - { - "name" : "2004-0054", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0054/" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=3270", - "refsource" : "MISC", - "url" : "http://bugs.mysql.com/bug.php?id=3270" - }, - { - "name" : "http://lists.mysql.com/internals/13073", - "refsource" : "MISC", - "url" : "http://lists.mysql.com/internals/13073" - }, - { - "name" : "P-018", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-018.shtml" - }, - { - "name" : "12783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12783/" - }, - { - "name" : "1011606", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011606" - }, - { - "name" : "11357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11357" - }, - { - "name" : "mysql-alter-restriction-bypass(17666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.mysql.com/bug.php?id=3270", + "refsource": "MISC", + "url": "http://bugs.mysql.com/bug.php?id=3270" + }, + { + "name": "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html", + "refsource": "CONFIRM", + "url": "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html" + }, + { + "name": "RHSA-2004:611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-611.html" + }, + { + "name": "12783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12783/" + }, + { + "name": "DSA-562", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-562" + }, + { + "name": "101864", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1" + }, + { + "name": "11357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11357" + }, + { + "name": "CLA-2004:892", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892" + }, + { + "name": "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html", + "refsource": "CONFIRM", + "url": "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html" + }, + { + "name": "mysql-alter-restriction-bypass(17666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17666" + }, + { + "name": "RHSA-2004:597", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-597.html" + }, + { + "name": "P-018", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-018.shtml" + }, + { + "name": "GLSA-200410-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml" + }, + { + "name": "2004-0054", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0054/" + }, + { + "name": "http://lists.mysql.com/internals/13073", + "refsource": "MISC", + "url": "http://lists.mysql.com/internals/13073" + }, + { + "name": "1011606", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011606" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0992.json b/2004/0xxx/CVE-2004-0992.json index 64386b168b3..435ade911d8 100644 --- a/2004/0xxx/CVE-2004-0992.json +++ b/2004/0xxx/CVE-2004-0992.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200411-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml" - }, - { - "name" : "http://proxytunnel.sourceforge.net/news.html", - "refsource" : "CONFIRM", - "url" : "http://proxytunnel.sourceforge.net/news.html" - }, - { - "name" : "11592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11592" - }, - { - "name" : "proxytunnel-message-format-string(17945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11592" + }, + { + "name": "proxytunnel-message-format-string(17945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17945" + }, + { + "name": "GLSA-200411-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml" + }, + { + "name": "http://proxytunnel.sourceforge.net/news.html", + "refsource": "CONFIRM", + "url": "http://proxytunnel.sourceforge.net/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1255.json b/2004/1xxx/CVE-2004-1255.json index d96d967d341..13997c625fd 100644 --- a/2004/1xxx/CVE-2004-1255.json +++ b/2004/1xxx/CVE-2004-1255.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/2fax.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/2fax.txt" - }, - { - "name" : "2fax-bpcx-bo(10901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tigger.uic.edu/~jlongs2/holes/2fax.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/2fax.txt" + }, + { + "name": "2fax-bpcx-bo(10901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10901" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1271.json b/2004/1xxx/CVE-2004-1271.json index cf0c001a0f1..3f870e361e8 100644 --- a/2004/1xxx/CVE-2004-1271.json +++ b/2004/1xxx/CVE-2004-1271.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt" - }, - { - "name" : "dxfscope-dxfin-bo(18558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dxfscope-dxfin-bo(18558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18558" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1368.json b/2004/1xxx/CVE-2004-1368.json index 44485e282d8..619d4b909a2 100644 --- a/2004/1xxx/CVE-2004-1368.json +++ b/2004/1xxx/CVE-2004-1368.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382264415387&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/oracle23122004E.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/oracle23122004E.txt" - }, - { - "name" : "101782", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1" - }, - { - "name" : "TA04-245A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-245A.html" - }, - { - "name" : "VU#435974", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/435974" - }, - { - "name" : "10871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10871" - }, - { - "name" : "oracle-isqlplus-file-access(18656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-isqlplus-file-access(18656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656" + }, + { + "name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110382264415387&w=2" + }, + { + "name": "http://www.ngssoftware.com/advisories/oracle23122004E.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt" + }, + { + "name": "VU#435974", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/435974" + }, + { + "name": "TA04-245A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html" + }, + { + "name": "10871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10871" + }, + { + "name": "101782", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1510.json b/2004/1xxx/CVE-2004-1510.json index b8584279a7f..ba8d29315a1 100644 --- a/2004/1xxx/CVE-2004-1510.json +++ b/2004/1xxx/CVE-2004-1510.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041109 Multiple Vulnerabilities in WebCalendar", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110011618724455&w=2" - }, - { - "name" : "11651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11651" - }, - { - "name" : "13164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13164" - }, - { - "name" : "webcalendar-scripts-gain-access(18030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041109 Multiple Vulnerabilities in WebCalendar", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110011618724455&w=2" + }, + { + "name": "webcalendar-scripts-gain-access(18030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18030" + }, + { + "name": "11651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11651" + }, + { + "name": "13164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13164" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1591.json b/2004/1xxx/CVE-2004-1591.json index 8a457d10071..a39cfc843b8 100644 --- a/2004/1xxx/CVE-2004-1591.json +++ b/2004/1xxx/CVE-2004-1591.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041012 Micronet wireless broadband router SP916BM admin password reset when power off", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109759963126161&w=2" - }, - { - "name" : "micronet-router-password-reset(17697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "micronet-router-password-reset(17697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17697" + }, + { + "name": "20041012 Micronet wireless broadband router SP916BM admin password reset when power off", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109759963126161&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2443.json b/2008/2xxx/CVE-2008-2443.json index d14b7212f17..b9540046acd 100644 --- a/2008/2xxx/CVE-2008-2443.json +++ b/2008/2xxx/CVE-2008-2443.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5610", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5610" - }, - { - "name" : "29200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29200" - }, - { - "name" : "ADV-2008-1524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1524/references" - }, - { - "name" : "30244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30244" - }, - { - "name" : "therealestatescript-docid-sql-injection(42399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29200" + }, + { + "name": "therealestatescript-docid-sql-injection(42399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42399" + }, + { + "name": "5610", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5610" + }, + { + "name": "30244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30244" + }, + { + "name": "ADV-2008-1524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1524/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2784.json b/2008/2xxx/CVE-2008-2784.json index 2414bf9165b..9641e77b2d3 100644 --- a/2008/2xxx/CVE-2008-2784.json +++ b/2008/2xxx/CVE-2008-2784.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.spamdyke.org/documentation/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.spamdyke.org/documentation/Changelog.txt" - }, - { - "name" : "30408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30408" - }, - { - "name" : "ADV-2008-1684", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1684/references" - }, - { - "name" : "spamdyke-smtpfilter-security-bypass(42658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1684", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1684/references" + }, + { + "name": "30408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30408" + }, + { + "name": "spamdyke-smtpfilter-security-bypass(42658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658" + }, + { + "name": "http://www.spamdyke.org/documentation/Changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.spamdyke.org/documentation/Changelog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3151.json b/2008/3xxx/CVE-2008-3151.json index e8230f10ed5..c8789d98197 100644 --- a/2008/3xxx/CVE-2008-3151.json +++ b/2008/3xxx/CVE-2008-3151.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080707 PHP-NUKE SQL Module's Name 4ndvddb", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494013/100/0/threaded" - }, - { - "name" : "30120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30120" - }, - { - "name" : "30976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30976" - }, - { - "name" : "3986", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3986" - }, - { - "name" : "4ndvddb-modules-sql-injection(43626)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30120" + }, + { + "name": "4ndvddb-modules-sql-injection(43626)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626" + }, + { + "name": "20080707 PHP-NUKE SQL Module's Name 4ndvddb", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded" + }, + { + "name": "3986", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3986" + }, + { + "name": "30976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30976" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3418.json b/2008/3xxx/CVE-2008-3418.json index e2ee990023c..5ab00718e24 100644 --- a/2008/3xxx/CVE-2008-3418.json +++ b/2008/3xxx/CVE-2008-3418.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6141", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6141" - }, - { - "name" : "31244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31244" - }, - { - "name" : "4077", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4077" - }, - { - "name" : "trio-browse-sql-injection(44033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4077", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4077" + }, + { + "name": "31244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31244" + }, + { + "name": "trio-browse-sql-injection(44033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44033" + }, + { + "name": "6141", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6141" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3421.json b/2008/3xxx/CVE-2008-3421.json index 1c1659d6a4a..3e50f5dcb1d 100644 --- a/2008/3xxx/CVE-2008-3421.json +++ b/2008/3xxx/CVE-2008-3421.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ceaseless.ws/bb-csrf/", - "refsource" : "MISC", - "url" : "http://ceaseless.ws/bb-csrf/" - }, - { - "name" : "1020559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020559" - }, - { - "name" : "31177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31177" - }, - { - "name" : "blackboard-unspecified-csrf(43986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020559" + }, + { + "name": "http://ceaseless.ws/bb-csrf/", + "refsource": "MISC", + "url": "http://ceaseless.ws/bb-csrf/" + }, + { + "name": "blackboard-unspecified-csrf(43986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986" + }, + { + "name": "31177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31177" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3953.json b/2008/3xxx/CVE-2008-3953.json index 0266278843d..8ffdb2c6624 100644 --- a/2008/3xxx/CVE-2008-3953.json +++ b/2008/3xxx/CVE-2008-3953.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6385", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6385" - }, - { - "name" : "31039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31039" - }, - { - "name" : "4232", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4232" - }, - { - "name" : "shaadizone-keywordsearch-sql-injection(44947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6385", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6385" + }, + { + "name": "4232", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4232" + }, + { + "name": "31039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31039" + }, + { + "name": "shaadizone-keywordsearch-sql-injection(44947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44947" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3997.json b/2008/3xxx/CVE-2008-3997.json index ffa29c750b9..141897de08e 100644 --- a/2008/3xxx/CVE-2008-3997.json +++ b/2008/3xxx/CVE-2008-3997.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-3997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021561" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "1021561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021561" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4101.json b/2008/4xxx/CVE-2008-4101.json index e2ab06e0a09..82be8547ae9 100644 --- a/2008/4xxx/CVE-2008-4101.json +++ b/2008/4xxx/CVE-2008-4101.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495662" - }, - { - "name" : "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495703" - }, - { - "name" : "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502322/100/0/threaded" - }, - { - "name" : "[oss-security] 20080911 Re: [oss-list] CVE request (vim)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/11/4" - }, - { - "name" : "[oss-security] 20080911 [oss-list] CVE request (vim)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/11/3" - }, - { - "name" : "[oss-security] 20080915 Re: [oss-list] CVE request (vim)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/16/5" - }, - { - "name" : "[oss-security] 20080915 Re: [oss-list] CVE request (vim)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/16/6" - }, - { - "name" : "[vim-dev] 20080903 Patch 7.2.010", - "refsource" : "MLIST", - "url" : "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010" - }, - { - "name" : "[vim_dev] 20080824 Bug with v_K and potentially K command", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33" - }, - { - "name" : "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2" - }, - { - "name" : "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2" - }, - { - "name" : "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e" - }, - { - "name" : "http://www.rdancer.org/vulnerablevim-K.html", - "refsource" : "MISC", - "url" : "http://www.rdancer.org/vulnerablevim-K.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=461927", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=461927" - }, - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "MDVSA-2008:236", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236" - }, - { - "name" : "RHSA-2008:0617", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0617.html" - }, - { - "name" : "RHSA-2008:0580", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0580.html" - }, - { - "name" : "RHSA-2008:0618", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0618.html" - }, - { - "name" : "USN-712-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-712-1" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "30795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30795" - }, - { - "name" : "oval:org.mitre.oval:def:10894", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894" - }, - { - "name" : "oval:org.mitre.oval:def:5812", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812" - }, - { - "name" : "31592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31592" - }, - { - "name" : "32858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32858" - }, - { - "name" : "32864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32864" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "ADV-2009-0033", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0033" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "33410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33410" - }, - { - "name" : "ADV-2009-0904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0904" - }, - { - "name" : "vim-normal-command-execution(44626)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html" + }, + { + "name": "[vim-dev] 20080903 Patch 7.2.010", + "refsource": "MLIST", + "url": "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010" + }, + { + "name": "RHSA-2008:0618", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html" + }, + { + "name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/16/5" + }, + { + "name": "31592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31592" + }, + { + "name": "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495703" + }, + { + "name": "USN-712-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-712-1" + }, + { + "name": "[oss-security] 20080911 Re: [oss-list] CVE request (vim)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/11/4" + }, + { + "name": "oval:org.mitre.oval:def:10894", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894" + }, + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/16/6" + }, + { + "name": "32858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32858" + }, + { + "name": "33410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33410" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "RHSA-2008:0580", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm" + }, + { + "name": "vim-normal-command-execution(44626)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626" + }, + { + "name": "ADV-2009-0904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0904" + }, + { + "name": "ADV-2009-0033", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0033" + }, + { + "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded" + }, + { + "name": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2", + "refsource": "MISC", + "url": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=461927", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "30795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30795" + }, + { + "name": "oval:org.mitre.oval:def:5812", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812" + }, + { + "name": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2", + "refsource": "MISC", + "url": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2" + }, + { + "name": "[oss-security] 20080911 [oss-list] CVE request (vim)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/11/3" + }, + { + "name": "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495662" + }, + { + "name": "MDVSA-2008:236", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "32864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32864" + }, + { + "name": "[vim_dev] 20080824 Bug with v_K and potentially K command", + "refsource": "MLIST", + "url": "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33" + }, + { + "name": "http://www.rdancer.org/vulnerablevim-K.html", + "refsource": "MISC", + "url": "http://www.rdancer.org/vulnerablevim-K.html" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + }, + { + "name": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e", + "refsource": "MISC", + "url": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e" + }, + { + "name": "RHSA-2008:0617", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4473.json b/2008/4xxx/CVE-2008-4473.json index 120c8f15f8b..d9e06c2a1c4 100644 --- a/2008/4xxx/CVE-2008-4473.json +++ b/2008/4xxx/CVE-2008-4473.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081015 Multiple Flash Authoring Heap Overflows - Malformed SWF Files", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497397/100/0/threaded" - }, - { - "name" : "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf", - "refsource" : "MISC", - "url" : "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf" - }, - { - "name" : "http://www.adobe.com/support/security/advisories/apsa08-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa08-09.html" - }, - { - "name" : "31769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31769" - }, - { - "name" : "ADV-2008-2837", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2837" - }, - { - "name" : "1021060", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021060" - }, - { - "name" : "32246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32246" - }, - { - "name" : "4429", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4429" - }, - { - "name" : "adobe-flash-cs3-bo(45914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-flash-cs3-bo(45914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45914" + }, + { + "name": "1021060", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021060" + }, + { + "name": "31769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31769" + }, + { + "name": "20081015 Multiple Flash Authoring Heap Overflows - Malformed SWF Files", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497397/100/0/threaded" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa08-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa08-09.html" + }, + { + "name": "ADV-2008-2837", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2837" + }, + { + "name": "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf", + "refsource": "MISC", + "url": "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf" + }, + { + "name": "32246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32246" + }, + { + "name": "4429", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4429" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4531.json b/2008/4xxx/CVE-2008-4531.json index 2673f34d9ab..56298d0aead 100644 --- a/2008/4xxx/CVE-2008-4531.json +++ b/2008/4xxx/CVE-2008-4531.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/315919", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/315919" - }, - { - "name" : "31554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31554" - }, - { - "name" : "32106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32106" - }, - { - "name" : "brilliantgallery-unspecified-sql-injection(45637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32106" + }, + { + "name": "brilliantgallery-unspecified-sql-injection(45637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45637" + }, + { + "name": "http://drupal.org/node/315919", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/315919" + }, + { + "name": "31554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31554" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6103.json b/2008/6xxx/CVE-2008-6103.json index 68f7d3228e8..13a489dcc97 100644 --- a/2008/6xxx/CVE-2008-6103.json +++ b/2008/6xxx/CVE-2008-6103.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt" - }, - { - "name" : "31507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31507" - }, - { - "name" : "32083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32083" - }, - { - "name" : "a4deskeventcalendar-index-file-include(45553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "a4deskeventcalendar-index-file-include(45553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45553" + }, + { + "name": "32083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32083" + }, + { + "name": "31507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31507" + }, + { + "name": "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6518.json b/2008/6xxx/CVE-2008-6518.json index 2ba1f8411a4..d50bd2b45d4 100644 --- a/2008/6xxx/CVE-2008-6518.json +++ b/2008/6xxx/CVE-2008-6518.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6259", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6259" - }, - { - "name" : "30721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30721" - }, - { - "name" : "vidiscript-avatar-file-upload(44525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6259", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6259" + }, + { + "name": "30721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30721" + }, + { + "name": "vidiscript-avatar-file-upload(44525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44525" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6920.json b/2008/6xxx/CVE-2008-6920.json index fcc1c77575c..ae1a8b1d7a0 100644 --- a/2008/6xxx/CVE-2008-6920.json +++ b/2008/6xxx/CVE-2008-6920.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7563", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7563" - }, - { - "name" : "33000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33000" - }, - { - "name" : "50981", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50981" - }, - { - "name" : "33268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33268" - }, - { - "name" : "ADV-2008-3508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3508" - }, - { - "name" : "phpemployment-auth-file-upload(47592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpemployment-auth-file-upload(47592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592" + }, + { + "name": "ADV-2008-3508", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3508" + }, + { + "name": "33268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33268" + }, + { + "name": "33000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33000" + }, + { + "name": "50981", + "refsource": "OSVDB", + "url": "http://osvdb.org/50981" + }, + { + "name": "7563", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7563" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6964.json b/2008/6xxx/CVE-2008-6964.json index fc7c9559b7c..875470b732e 100644 --- a/2008/6xxx/CVE-2008-6964.json +++ b/2008/6xxx/CVE-2008-6964.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7123", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7123" - }, - { - "name" : "32309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32309" - }, - { - "name" : "x7chat-login-sql-injection(46640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7123", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7123" + }, + { + "name": "x7chat-login-sql-injection(46640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46640" + }, + { + "name": "32309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32309" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7040.json b/2008/7xxx/CVE-2008-7040.json index 3fe433c2a68..24863bc603c 100644 --- a/2008/7xxx/CVE-2008-7040.json +++ b/2008/7xxx/CVE-2008-7040.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080216 WordPress SQL Injection(wp-content-simple-forum)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488279" - }, - { - "name" : "27854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27854" - }, - { - "name" : "52210", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52210" - }, - { - "name" : "simpleforum-sfprofile-sql-injection(41578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080216 WordPress SQL Injection(wp-content-simple-forum)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488279" + }, + { + "name": "52210", + "refsource": "OSVDB", + "url": "http://osvdb.org/52210" + }, + { + "name": "simpleforum-sfprofile-sql-injection(41578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41578" + }, + { + "name": "27854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27854" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7203.json b/2008/7xxx/CVE-2008-7203.json index f1659c0620e..a9c3496fb83 100644 --- a/2008/7xxx/CVE-2008-7203.json +++ b/2008/7xxx/CVE-2008-7203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4856", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4856" - }, - { - "name" : "27159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27159" - }, - { - "name" : "counterstrike-unspecified-dos(39535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4856", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4856" + }, + { + "name": "27159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27159" + }, + { + "name": "counterstrike-unspecified-dos(39535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39535" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2443.json b/2013/2xxx/CVE-2013-2443.json index 83c5ea76066..f2a58c9a4c9 100644 --- a/2013/2xxx/CVE-2013-2443.json +++ b/2013/2xxx/CVE-2013-2443.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \"checking order\" within the AccessControlContext class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975137", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975137" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60646" - }, - { - "name" : "oval:org.mitre.oval:def:17230", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17230" - }, - { - "name" : "oval:org.mitre.oval:def:19299", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19299" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \"checking order\" within the AccessControlContext class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60646" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oval:org.mitre.oval:def:17230", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17230" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975137", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975137" + }, + { + "name": "oval:org.mitre.oval:def:19299", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19299" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2539.json b/2013/2xxx/CVE-2013-2539.json index 3e90f643e72..e63bc343e4e 100644 --- a/2013/2xxx/CVE-2013-2539.json +++ b/2013/2xxx/CVE-2013-2539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2924.json b/2013/2xxx/CVE-2013-2924.json index 37dad614b6b..ad4e335817e 100644 --- a/2013/2xxx/CVE-2013-2924.json +++ b/2013/2xxx/CVE-2013-2924.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.icu-project.org/trac/ticket/10318", - "refsource" : "CONFIRM", - "url" : "http://bugs.icu-project.org/trac/ticket/10318" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=275803", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=275803" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "DSA-2786", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2786" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "JVN#85336306", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85336306/index.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "oval:org.mitre.oval:def:19017", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=275803", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=275803" + }, + { + "name": "http://bugs.icu-project.org/trac/ticket/10318", + "refsource": "CONFIRM", + "url": "http://bugs.icu-project.org/trac/ticket/10318" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "JVN#85336306", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85336306/index.html" + }, + { + "name": "oval:org.mitre.oval:def:19017", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017" + }, + { + "name": "DSA-2786", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2786" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6373.json b/2013/6xxx/CVE-2013-6373.json index f519d708b2c..7a011199f44 100644 --- a/2013/6xxx/CVE-2013-6373.json +++ b/2013/6xxx/CVE-2013-6373.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20", - "refsource" : "MISC", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20", + "refsource": "MISC", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20" + }, + { + "name": "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11258.json b/2017/11xxx/CVE-2017-11258.json index b233ee5f76c..389dac91d70 100644 --- a/2017/11xxx/CVE-2017-11258.json +++ b/2017/11xxx/CVE-2017-11258.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100184" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100184" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11493.json b/2017/11xxx/CVE-2017-11493.json index 10bf4366ff9..7a1be4c20ea 100644 --- a/2017/11xxx/CVE-2017-11493.json +++ b/2017/11xxx/CVE-2017-11493.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11493", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11493", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11814.json b/2017/11xxx/CVE-2017-11814.json index 02611af6a80..aee0f8d58cf 100644 --- a/2017/11xxx/CVE-2017-11814.json +++ b/2017/11xxx/CVE-2017-11814.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814" - }, - { - "name" : "101093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101093" - }, - { - "name" : "1039526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039526" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814" + }, + { + "name": "101093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101093" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14776.json b/2017/14xxx/CVE-2017-14776.json index 0763900555e..dcfea6bbe44 100644 --- a/2017/14xxx/CVE-2017-14776.json +++ b/2017/14xxx/CVE-2017-14776.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14776", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14776", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15097.json b/2017/15xxx/CVE-2017-15097.json index fc4605f39da..c832e5cfd77 100644 --- a/2017/15xxx/CVE-2017-15097.json +++ b/2017/15xxx/CVE-2017-15097.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-15097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql init script", - "version" : { - "version_data" : [ - { - "version_value" : "all" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-59" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-15097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql init script", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097" - }, - { - "name" : "RHSA-2017:3402", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3402" - }, - { - "name" : "RHSA-2017:3403", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3403" - }, - { - "name" : "RHSA-2017:3404", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3404" - }, - { - "name" : "RHSA-2017:3405", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3405" - }, - { - "name" : "1039983", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3402", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3402" + }, + { + "name": "RHSA-2017:3403", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3403" + }, + { + "name": "RHSA-2017:3405", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3405" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097" + }, + { + "name": "1039983", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039983" + }, + { + "name": "RHSA-2017:3404", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3404" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15149.json b/2017/15xxx/CVE-2017-15149.json index 7ba674de97b..fee0e34fa1d 100644 --- a/2017/15xxx/CVE-2017-15149.json +++ b/2017/15xxx/CVE-2017-15149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15233.json b/2017/15xxx/CVE-2017-15233.json index 9ea2d8e695b..ee8487d30ab 100644 --- a/2017/15xxx/CVE-2017-15233.json +++ b/2017/15xxx/CVE-2017-15233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15312.json b/2017/15xxx/CVE-2017-15312.json index 74cdb5189ea..89e751f8756 100644 --- a/2017/15xxx/CVE-2017-15312.json +++ b/2017/15xxx/CVE-2017-15312.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-12-01T00:00:00", - "ID" : "CVE-2017-15312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartCare", - "version" : { - "version_data" : [ - { - "version_value" : "V200R003C10" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-12-01T00:00:00", + "ID": "CVE-2017-15312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartCare", + "version": { + "version_data": [ + { + "version_value": "V200R003C10" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15802.json b/2017/15xxx/CVE-2017-15802.json index 084cf84b845..cdd36b72634 100644 --- a/2017/15xxx/CVE-2017-15802.json +++ b/2017/15xxx/CVE-2017-15802.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9267.json b/2017/9xxx/CVE-2017-9267.json index b9f8783728c..ac508d098c9 100644 --- a/2017/9xxx/CVE-2017-9267.json +++ b/2017/9xxx/CVE-2017-9267.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00.000Z", - "ID" : "CVE-2017-9267", - "STATE" : "PUBLIC", - "TITLE" : "eDirectory LDAP peer certificate validation issue" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eDirectory", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "9.0.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Novell" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-757" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-10-02T00:00:00.000Z", + "ID": "CVE-2017-9267", + "STATE": "PUBLIC", + "TITLE": "eDirectory LDAP peer certificate validation issue" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eDirectory", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "9.0.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Novell" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7016794", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7016794" - } - ] - }, - "source" : { - "advisory" : "7016794", - "defect" : [ - "977754" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-757" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7016794", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7016794" + } + ] + }, + "source": { + "advisory": "7016794", + "defect": [ + "977754" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9340.json b/2017/9xxx/CVE-2017-9340.json index 7da0f43c6e2..8523f9037cf 100644 --- a/2017/9xxx/CVE-2017-9340.json +++ b/2017/9xxx/CVE-2017-9340.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/166581", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/166581" - }, - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-006", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/166581", + "refsource": "MISC", + "url": "https://hackerone.com/reports/166581" + }, + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9770.json b/2017/9xxx/CVE-2017-9770.json index b68b5f0dccf..b628248d0a2 100644 --- a/2017/9xxx/CVE-2017-9770.json +++ b/2017/9xxx/CVE-2017-9770.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://warroom.securestate.com/cve-2017-9770/", - "refsource" : "MISC", - "url" : "https://warroom.securestate.com/cve-2017-9770/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://warroom.securestate.com/cve-2017-9770/", + "refsource": "MISC", + "url": "https://warroom.securestate.com/cve-2017-9770/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0985.json b/2018/0xxx/CVE-2018-0985.json index 13476bce9a4..9e329334226 100644 --- a/2018/0xxx/CVE-2018-0985.json +++ b/2018/0xxx/CVE-2018-0985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0985", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0985", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12189.json b/2018/12xxx/CVE-2018-12189.json index 01e08b4d82d..9aba97fc810 100644 --- a/2018/12xxx/CVE-2018-12189.json +++ b/2018/12xxx/CVE-2018-12189.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12216.json b/2018/12xxx/CVE-2018-12216.json index a8dcfff7328..6d9c5212827 100644 --- a/2018/12xxx/CVE-2018-12216.json +++ b/2018/12xxx/CVE-2018-12216.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Graphics Driver for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver for Windows", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12444.json b/2018/12xxx/CVE-2018-12444.json index 8ec7a120b85..afcdf0298ef 100644 --- a/2018/12xxx/CVE-2018-12444.json +++ b/2018/12xxx/CVE-2018-12444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12444", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12444", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12823.json b/2018/12xxx/CVE-2018-12823.json index 1741349bc64..a1383756755 100644 --- a/2018/12xxx/CVE-2018-12823.json +++ b/2018/12xxx/CVE-2018-12823.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions", - "version" : { - "version_data" : [ - { - "version_value" : "4.5.8 and below versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions", + "version": { + "version_data": [ + { + "version_value": "4.5.8 and below versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12935.json b/2018/12xxx/CVE-2018-12935.json index 4cf11a98a4a..52a7aae51d1 100644 --- a/2018/12xxx/CVE-2018-12935.json +++ b/2018/12xxx/CVE-2018-12935.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12935", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12935", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13792.json b/2018/13xxx/CVE-2018-13792.json index 9a0df83383b..188e7855c0e 100644 --- a/2018/13xxx/CVE-2018-13792.json +++ b/2018/13xxx/CVE-2018-13792.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf", + "refsource": "CONFIRM", + "url": "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16286.json b/2018/16xxx/CVE-2018-16286.json index ef66cd8b2c3..0c8d6c67184 100644 --- a/2018/16xxx/CVE-2018-16286.json +++ b/2018/16xxx/CVE-2018-16286.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html", - "refsource" : "MISC", - "url" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html", + "refsource": "MISC", + "url": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16340.json b/2018/16xxx/CVE-2018-16340.json index 96528e7719f..0c94b7dffc6 100644 --- a/2018/16xxx/CVE-2018-16340.json +++ b/2018/16xxx/CVE-2018-16340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16372.json b/2018/16xxx/CVE-2018-16372.json index a06f670b6b5..df23a67e7ab 100644 --- a/2018/16xxx/CVE-2018-16372.json +++ b/2018/16xxx/CVE-2018-16372.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/iechoo/ideacms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/iechoo/ideacms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/iechoo/ideacms/issues/1", + "refsource": "MISC", + "url": "https://github.com/iechoo/ideacms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16555.json b/2018/16xxx/CVE-2018-16555.json index fdc6ec40adc..9bdca66c985 100644 --- a/2018/16xxx/CVE-2018-16555.json +++ b/2018/16xxx/CVE-2018-16555.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-16555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M", - "version" : { - "version_data" : [ - { - "version_value" : "SCALANCE S602 : All versions < V4.0.1.1" - }, - { - "version_value" : "SCALANCE S612 : All versions < V4.0.1.1" - }, - { - "version_value" : "SCALANCE S623 : All versions < V4.0.1.1" - }, - { - "version_value" : "SCALANCE S627-2M : All versions < V4.0.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-16555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M", + "version": { + "version_data": [ + { + "version_value": "SCALANCE S602 : All versions < V4.0.1.1" + }, + { + "version_value": "SCALANCE S612 : All versions < V4.0.1.1" + }, + { + "version_value": "SCALANCE S623 : All versions < V4.0.1.1" + }, + { + "version_value": "SCALANCE S627-2M : All versions < V4.0.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf" - }, - { - "name" : "105937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf" + }, + { + "name": "105937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105937" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16724.json b/2018/16xxx/CVE-2018-16724.json index f54efcff646..ebea87f84bb 100644 --- a/2018/16xxx/CVE-2018-16724.json +++ b/2018/16xxx/CVE-2018-16724.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection", - "refsource" : "MISC", - "url" : "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection", + "refsource": "MISC", + "url": "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16841.json b/2018/16xxx/CVE-2018-16841.json index a08ddb0b60b..2205b3bee1e 100644 --- a/2018/16xxx/CVE-2018-16841.json +++ b/2018/16xxx/CVE-2018-16841.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-16841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "samba", - "version" : { - "version_data" : [ - { - "version_value" : "4.7.12" - }, - { - "version_value" : "4.8.7" - }, - { - "version_value" : "4.9.3" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "4.7.12" + }, + { + "version_value": "4.8.7" + }, + { + "version_value": "4.9.3" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2018-16841.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2018-16841.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181127-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181127-0001/" - }, - { - "name" : "DSA-4345", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4345" - }, - { - "name" : "USN-3827-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3827-1/" - }, - { - "name" : "USN-3827-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3827-2/" - }, - { - "name" : "106023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106023" + }, + { + "name": "USN-3827-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3827-2/" + }, + { + "name": "USN-3827-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3827-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181127-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181127-0001/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841" + }, + { + "name": "DSA-4345", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4345" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2018-16841.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2018-16841.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4719.json b/2018/4xxx/CVE-2018-4719.json index 1d885e980b4..9175ede50ed 100644 --- a/2018/4xxx/CVE-2018-4719.json +++ b/2018/4xxx/CVE-2018-4719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4719", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4719", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4853.json b/2018/4xxx/CVE-2018-4853.json index bbcb6e42ee7..e4d02e90f2a 100644 --- a/2018/4xxx/CVE-2018-4853.json +++ b/2018/4xxx/CVE-2018-4853.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2018-4853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SICLOCK TC100, SICLOCK TC400", - "version" : { - "version_data" : [ - { - "version_value" : "SICLOCK TC100 : All versions" - }, - { - "version_value" : "SICLOCK TC400 : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306: Missing Authentication for Critical Function" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-07-03T00:00:00", + "ID": "CVE-2018-4853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SICLOCK TC100, SICLOCK TC400", + "version": { + "version_data": [ + { + "version_value": "SICLOCK TC100 : All versions" + }, + { + "version_value": "SICLOCK TC400 : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" - }, - { - "name" : "104672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104672" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4856.json b/2018/4xxx/CVE-2018-4856.json index 2dd6a04a90c..3e1e3d8def6 100644 --- a/2018/4xxx/CVE-2018-4856.json +++ b/2018/4xxx/CVE-2018-4856.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2018-4856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SICLOCK TC100, SICLOCK TC400", - "version" : { - "version_data" : [ - { - "version_value" : "SICLOCK TC100 : All versions" - }, - { - "version_value" : "SICLOCK TC400 : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287: Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-07-03T00:00:00", + "ID": "CVE-2018-4856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SICLOCK TC100, SICLOCK TC400", + "version": { + "version_data": [ + { + "version_value": "SICLOCK TC100 : All versions" + }, + { + "version_value": "SICLOCK TC400 : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" - }, - { - "name" : "104672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104672" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4985.json b/2018/4xxx/CVE-2018-4985.json index 159aaa616f1..0032412d9c0 100644 --- a/2018/4xxx/CVE-2018-4985.json +++ b/2018/4xxx/CVE-2018-4985.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104175" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + }, + { + "name": "104175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104175" + } + ] + } +} \ No newline at end of file