From 58c60530e5f39797063e26da0d9f5e71d6c55216 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:00:51 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/1xxx/CVE-2002-1589.json | 140 ++++++++---------
2003/0xxx/CVE-2003-0313.json | 120 +++++++--------
2003/0xxx/CVE-2003-0347.json | 170 ++++++++++-----------
2003/0xxx/CVE-2003-0421.json | 130 ++++++++--------
2003/0xxx/CVE-2003-0627.json | 160 ++++++++++----------
2003/1xxx/CVE-2003-1069.json | 150 +++++++++----------
2003/1xxx/CVE-2003-1263.json | 150 +++++++++----------
2003/1xxx/CVE-2003-1294.json | 250 +++++++++++++++----------------
2003/1xxx/CVE-2003-1499.json | 160 ++++++++++----------
2004/0xxx/CVE-2004-0522.json | 160 ++++++++++----------
2004/2xxx/CVE-2004-2104.json | 200 ++++++++++++-------------
2004/2xxx/CVE-2004-2111.json | 170 ++++++++++-----------
2004/2xxx/CVE-2004-2624.json | 160 ++++++++++----------
2004/2xxx/CVE-2004-2641.json | 170 ++++++++++-----------
2008/2xxx/CVE-2008-2006.json | 210 +++++++++++++-------------
2008/2xxx/CVE-2008-2420.json | 230 ++++++++++++++--------------
2008/2xxx/CVE-2008-2489.json | 150 +++++++++----------
2008/2xxx/CVE-2008-2797.json | 140 ++++++++---------
2012/0xxx/CVE-2012-0108.json | 130 ++++++++--------
2012/0xxx/CVE-2012-0861.json | 170 ++++++++++-----------
2012/1xxx/CVE-2012-1469.json | 240 +++++++++++++++---------------
2012/1xxx/CVE-2012-1800.json | 150 +++++++++----------
2012/5xxx/CVE-2012-5226.json | 140 ++++++++---------
2012/5xxx/CVE-2012-5734.json | 34 ++---
2012/5xxx/CVE-2012-5999.json | 34 ++---
2017/11xxx/CVE-2017-11094.json | 34 ++---
2017/11xxx/CVE-2017-11103.json | 230 ++++++++++++++--------------
2017/3xxx/CVE-2017-3029.json | 140 ++++++++---------
2017/3xxx/CVE-2017-3771.json | 120 +++++++--------
2017/3xxx/CVE-2017-3914.json | 34 ++---
2017/7xxx/CVE-2017-7310.json | 240 +++++++++++++++---------------
2017/8xxx/CVE-2017-8242.json | 130 ++++++++--------
2017/8xxx/CVE-2017-8264.json | 132 ++++++++---------
2017/8xxx/CVE-2017-8286.json | 34 ++---
2017/8xxx/CVE-2017-8630.json | 142 +++++++++---------
2017/8xxx/CVE-2017-8787.json | 120 +++++++--------
2018/10xxx/CVE-2018-10188.json | 150 +++++++++----------
2018/10xxx/CVE-2018-10443.json | 34 ++---
2018/10xxx/CVE-2018-10925.json | 264 ++++++++++++++++-----------------
2018/10xxx/CVE-2018-10994.json | 160 ++++++++++----------
2018/12xxx/CVE-2018-12470.json | 182 +++++++++++------------
2018/13xxx/CVE-2018-13044.json | 34 ++---
2018/13xxx/CVE-2018-13218.json | 130 ++++++++--------
2018/13xxx/CVE-2018-13616.json | 130 ++++++++--------
2018/17xxx/CVE-2018-17030.json | 120 +++++++--------
2018/17xxx/CVE-2018-17674.json | 130 ++++++++--------
2018/9xxx/CVE-2018-9126.json | 130 ++++++++--------
2018/9xxx/CVE-2018-9295.json | 34 ++---
2018/9xxx/CVE-2018-9396.json | 34 ++---
2018/9xxx/CVE-2018-9568.json | 160 ++++++++++----------
50 files changed, 3483 insertions(+), 3483 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1589.json b/2002/1xxx/CVE-2002-1589.json
index 26bb613a0d4..c6302894e14 100644
--- a/2002/1xxx/CVE-2002-1589.json
+++ b/2002/1xxx/CVE-2002-1589.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "48067", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-48067-1" - }, - { - "name" : "6080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6080" - }, - { - "name" : "solaris-kmem-flags-dos(10496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system 
panic)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48067", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-48067-1" + }, + { + "name": "solaris-kmem-flags-dos(10496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10496" + }, + { + "name": "6080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6080" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0313.json b/2003/0xxx/CVE-2003-0313.json index 894e1fd9610..dd0062a6226 100644 --- a/2003/0xxx/CVE-2003-0313.json +++ b/2003/0xxx/CVE-2003-0313.json 
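Review bot: The new side of 2002/1xxx/CVE-2002-1589.json ends with `\ No newline at end of file`, and its `reference_data` entries come out in a different order (the BID `6080` entry moves from second to last) although no reference text changes. Combined with the reindentation, this rewrites the whole record while its content looks unchanged, which makes genuine edits hard to spot for anyone auditing the feed. The exporter should end each file with a newline after the closing `}` and emit `reference_data` in a stable order, for example sorted by `refsource` then `name`. The hunks for CVE-2003-0347, CVE-2003-0627, CVE-2003-1069, CVE-2003-1263, CVE-2003-1294 and CVE-2003-1499 show the same reordering, and every file shown here loses its trailing newline.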
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030516 Snowblind Web Server: multiple issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030516 Snowblind Web Server: multiple issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105311719128173&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0347.json b/2003/0xxx/CVE-2003-0347.json index 441160205f1..9d4e6c58e96 100644 --- a/2003/0xxx/CVE-2003-0347.json +++ b/2003/0xxx/CVE-2003-0347.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030903 EEYE: VBE Document Property Buffer Overflow", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html" - }, - { - "name" : "20030903 EEYE: VBE Document Property Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106262077829157&w=2" - }, - { - "name" : "MS03-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037" - }, - { - "name" : "VU#804780", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/804780" - }, - { - "name" : "8534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8534" - }, - { - "name" : "9666", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#804780", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/804780" + }, + { + "name": "20030903 EEYE: VBE Document Property Buffer Overflow", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html" + }, + { + "name": "9666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9666" + }, + { + "name": "20030903 EEYE: VBE Document Property Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106262077829157&w=2" + }, + { + "name": "8534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8534" + }, + { + "name": "MS03-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0421.json b/2003/0xxx/CVE-2003-0421.json index 7cda6f95970..7663ea56e96 100644 --- a/2003/0xxx/CVE-2003-0421.json +++ b/2003/0xxx/CVE-2003-0421.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0015.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. 
AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0015.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0015.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0627.json b/2003/0xxx/CVE-2003-0627.json index 647d8773cc7..497c2d26c76 100644 --- a/2003/0xxx/CVE-2003-0627.json +++ b/2003/0xxx/CVE-2003-0627.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html" - }, - { - "name" : "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html" - }, - { - "name" : "9038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9038" - }, - { - "name" : "10225", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10225/" - }, - { - "name" : "peoplesoft-searchcgi-directory-traversal(13754)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html" + }, + { + "name": "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html" + }, + { + "name": "10225", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10225/" + }, + { + "name": "peoplesoft-searchcgi-directory-traversal(13754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754" + }, + { + "name": "9038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9038" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1069.json b/2003/1xxx/CVE-2003-1069.json index fa1741490db..bd102b9ffa4 100644 --- a/2003/1xxx/CVE-2003-1069.json +++ b/2003/1xxx/CVE-2003-1069.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "54181", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1" - }, - { - "name" : "7794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7794" - }, - { - "name" : "8935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8935/" - }, - { - "name" : "sun-intelnetd-dos(12140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8935/" + }, + { + "name": "7794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7794" + }, + { + "name": "sun-intelnetd-dos(12140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12140" + }, + { + "name": "54181", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1263.json b/2003/1xxx/CVE-2003-1263.json index f0711bf9efa..d2f6965a4b6 100644 --- a/2003/1xxx/CVE-2003-1263.json +++ b/2003/1xxx/CVE-2003-1263.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030103 ical 3.7 remote dos", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html" - }, - { - "name" : "6505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6505" - }, - { - "name" : "ical-icalexe-port-dos(10973)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10973.php" - }, - { - "name" : "6506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to 
an invalid method name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6505" + }, + { + "name": "ical-icalexe-port-dos(10973)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10973.php" + }, + { + "name": "6506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6506" + }, + { + "name": "20030103 ical 3.7 remote dos", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1294.json b/2003/1xxx/CVE-2003-1294.json index 243178edb18..006bca1c60d 100644 --- a/2003/1xxx/CVE-2003-1294.json +++ b/2003/1xxx/CVE-2003-1294.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2003-1294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/linux/download/updates/90_i386.html", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/linux/download/updates/90_i386.html" - }, - { - "name" : "http://jwz.livejournal.com/310943.html", - "refsource" : "MISC", - "url" : "http://jwz.livejournal.com/310943.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm" - }, - { - "name" : "RHSA-2006:0498", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0498.html" - }, - { - "name" : "20060602-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" - }, - { - "name" : "9125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9125" - }, - { - "name" : "oval:org.mitre.oval:def:10848", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848" - }, - { - "name" : "ADV-2006-1948", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1948" - }, - { - "name" : "20224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20224" - }, - { - "name" : "20226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20226" - }, - { - "name" : "20456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20456" - }, - { - "name" : "20782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968" + }, + { + "name": "oval:org.mitre.oval:def:10848", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848" + }, + { + "name": "20782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20782" + }, + { + "name": "RHSA-2006:0498", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0498.html" + }, + { + "name": "ADV-2006-1948", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1948" + }, + { + "name": "20224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20224" + }, + { + "name": "9125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9125" + }, + { + "name": "20060602-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" + }, + { + "name": "20456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20456" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286" + }, + { + "name": "http://www.novell.com/linux/download/updates/90_i386.html", + "refsource": "CONFIRM", + "url": "http://www.novell.com/linux/download/updates/90_i386.html" + }, + { + "name": "http://jwz.livejournal.com/310943.html", + "refsource": "MISC", + "url": "http://jwz.livejournal.com/310943.html" + 
}, + { + "name": "20226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20226" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1499.json b/2003/1xxx/CVE-2003-1499.json index b1a987b7912..be3ca14a2d4 100644 --- a/2003/1xxx/CVE-2003-1499.json +++ b/2003/1xxx/CVE-2003-1499.json 
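Review bot: In 2003/1xxx/CVE-2003-1294.json the `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com`, the only field-value change among the hunks shown, and nothing in the subject line or the diff sets it apart from the reformatting. Consumers that filter or attribute records by `ASSIGNER` will see a different result for this record after the sync. Whether the reassignment is intended cannot be told from this page. The commit message should name it, e.g. `CVE-2003-1294: ASSIGNER cve@mitre.org -> secalert@redhat.com`, or the content change should land in a commit separate from the whitespace pass.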
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031019 ByteHoard Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html" - }, - { - "name" : "20031019 ByteHoard Directory Traversal Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html" - }, - { - "name" : "http://www.securiteam.com/unixfocus/6L00L008KE.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6L00L008KE.html" - }, - { - "name" : "8850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8850" - }, - { - "name" : "bytehoard-dotdot-directory-traversal(13456)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/13456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031019 ByteHoard Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html" + }, + { + "name": "8850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8850" + }, + { + "name": "bytehoard-dotdot-directory-traversal(13456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13456" + }, + { + "name": "http://www.securiteam.com/unixfocus/6L00L008KE.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6L00L008KE.html" + }, + { + "name": "20031019 ByteHoard Directory Traversal Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0522.json b/2004/0xxx/CVE-2004-0522.json index b95bfa554f6..b2bdee0b99a 100644 --- a/2004/0xxx/CVE-2004-0522.json +++ b/2004/0xxx/CVE-2004-0522.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-512", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-512" - }, - { - "name" : "GLSA-200406-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200406-10.xml" - }, - { - "name" : "10451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10451" - }, - { - "name" : "11752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11752" - }, - { - "name" : "gallery-user-bypass-authentication(16301)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gallery 1.4.3 and earlier allows remote attackers 
to bypass authentication and obtain Gallery administrator privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-512", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-512" + }, + { + "name": "10451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10451" + }, + { + "name": "gallery-user-bypass-authentication(16301)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16301" + }, + { + "name": "11752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11752" + }, + { + "name": "GLSA-200406-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200406-10.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2104.json b/2004/2xxx/CVE-2004-2104.json index 5ab5f873f4a..2b3b6bd2c99 100644 --- a/2004/2xxx/CVE-2004-2104.json +++ b/2004/2xxx/CVE-2004-2104.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040123 NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107487862304440&w=2" - }, - { - "name" : "9479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9479" - }, - { - "name" : "3715", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3715" - }, - { - "name" : "3720", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3720" - }, - { - "name" : "3721", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3721" - }, - { - "name" : "3722", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3722" - }, - { - "name" : "4952", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/4952" - }, - { - "name" : "10711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10711" - }, - { - "name" : "netware-enterprise-path-disclosure(14921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3720", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3720" + }, + { + "name": "20040123 NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107487862304440&w=2" + }, + { + "name": "10711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10711" + }, + { + "name": "3721", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3721" + }, + { + "name": "4952", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4952" + }, + { + "name": "netware-enterprise-path-disclosure(14921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14921" + }, + { + "name": "3722", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3722" + }, + { + "name": "9479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9479" + }, + { + "name": "3715", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3715" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2111.json b/2004/2xxx/CVE-2004-2111.json
index 8a894b3b1af..64c6bfa06f9 100644
--- a/2004/2xxx/CVE-2004-2111.json
+++ b/2004/2xxx/CVE-2004-2111.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040124 [SST]ServU MDTM command remote buffero verflow adv", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html" - }, - { - "name" : "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107513654005840&w=2" - }, - { - "name" : "9675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9675" - }, - { - "name" : "9483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9483" - }, - { - "name" : "1008841", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008841" - }, - { - "name" : "servu-chmodcommand-execute-code(14931)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/14931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "servu-chmodcommand-execute-code(14931)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931" + }, + { + "name": "9483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9483" + }, + { + "name": "1008841", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008841" + }, + { + "name": "9675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9675" + }, + { + "name": "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107513654005840&w=2" + }, + { + "name": "20040124 [SST]ServU MDTM command remote buffero verflow adv", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2624.json b/2004/2xxx/CVE-2004-2624.json index 1b29fa2b4a6..b6c65801794 100644 --- a/2004/2xxx/CVE-2004-2624.json +++ b/2004/2xxx/CVE-2004-2624.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in \"TextSearch\" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the \"phrase\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv", - "refsource" : "CONFIRM", - "url" : "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv" - }, - { - "name" : "10860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10860" - }, - { - "name" : "8295", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8295" - }, - { - "name" : "12209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12209" - }, - { - "name" : "wackowiki-text-search-xss(16878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in \"TextSearch\" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the \"phrase\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8295", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8295" + }, + { + "name": "12209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12209" + }, + { + "name": "10860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10860" + }, + { + "name": "wackowiki-text-search-xss(16878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16878" + }, + { + "name": "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv", + "refsource": "CONFIRM", + "url": "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2641.json b/2004/2xxx/CVE-2004-2641.json index c67c36f874d..d7ffe81581c 100644 --- a/2004/2xxx/CVE-2004-2641.json +++ b/2004/2xxx/CVE-2004-2641.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1" - }, - { - "name" : "10189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10189" - }, - { - "name" : "5577", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5577" - }, - { - "name" : "1009888", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009888" - }, - { - "name" : "11439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11439" - }, - { - "name" : "sun-fire-ip-controller-dos(15925)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5577", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5577" + }, + { + "name": "11439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11439" + }, + { + "name": "10189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10189" + }, + { + "name": "sun-fire-ip-controller-dos(15925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15925" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1" + }, + { + "name": "1009888", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009888" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2006.json b/2008/2xxx/CVE-2008-2006.json index 64a00179ed2..ccfc6423caa 100644 --- a/2008/2xxx/CVE-2008-2006.json +++ b/2008/2xxx/CVE-2008-2006.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080521 CORE-2008-0126: Multiple vulnerabilities in iCal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492414/100/0/threaded" - }, - { - "name" : "20080527 Re: CORE-2008-0126: Multiple vulnerabilities in iCal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492638/100/100/threaded" - }, - { - "name" : "20080528 Re: CORE-2008-0126: Multiple vulnerabilities in iCal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492682/100/0/threaded" - }, - { - "name" : 
"http://www.coresecurity.com/?action=item&id=2219", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2219" - }, - { - "name" : "28632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28632" - }, - { - "name" : "28629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28629" - }, - { - "name" : "1020094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020094" - }, - { - "name" : "ADV-2008-1601", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1601" - }, - { - "name" : "3901", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3901" - }, - { - "name" : "ical-trigger-dos(42569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1601", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1601" + }, + { + "name": "ical-trigger-dos(42569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42569" + }, + { + "name": "28632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28632" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2219", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2219" + }, + { + "name": "20080528 Re: CORE-2008-0126: Multiple vulnerabilities in iCal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492682/100/0/threaded" + }, + { + "name": "20080527 Re: CORE-2008-0126: Multiple vulnerabilities in iCal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492638/100/100/threaded" + }, + { + "name": "3901", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3901" + }, + { + "name": "1020094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020094" + }, + { + "name": "28629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28629" + }, + { + "name": "20080521 CORE-2008-0126: Multiple vulnerabilities in iCal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492414/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2420.json b/2008/2xxx/CVE-2008-2420.json index 8912faff834..535815cc01d 100644 --- a/2008/2xxx/CVE-2008-2420.json +++ b/2008/2xxx/CVE-2008-2420.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[stunnel-announce] 20080519 stunnel 4.24 released", - "refsource" : "MLIST", - "url" : "http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html" - }, - { - "name" : "FEDORA-2008-4531", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html" - }, - { - "name" : "FEDORA-2008-4579", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html" - }, - { - "name" : "FEDORA-2008-4606", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html" - }, - { - "name" : "GLSA-200808-08", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-200808-08.xml" - }, - { - "name" : "MDVSA-2008:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:168" - }, - { - "name" : "29309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29309" - }, - { - "name" : "ADV-2008-1569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1569/references" - }, - { - "name" : "30335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30335" - }, - { - "name" : "30425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30425" - }, - { - "name" : "31438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31438" - }, - { - "name" : "stunnel-ocsp-security-bypass(42528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30425" + }, + { + "name": "stunnel-ocsp-security-bypass(42528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42528" + }, + { + "name": "FEDORA-2008-4606", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html" + }, + { + "name": "ADV-2008-1569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1569/references" + }, + { + "name": "30335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30335" + }, + { + "name": "31438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31438" + }, + { + "name": "FEDORA-2008-4531", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html" + }, + { + "name": "MDVSA-2008:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:168" + }, + { + "name": "[stunnel-announce] 20080519 stunnel 4.24 released", + "refsource": "MLIST", + "url": "http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html" + }, + { + "name": "FEDORA-2008-4579", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html" + }, + { + "name": "GLSA-200808-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-08.xml" + }, + { + "name": "29309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29309" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2489.json b/2008/2xxx/CVE-2008-2489.json index 949239fcefd..dceb9bfe6ce 100644 --- a/2008/2xxx/CVE-2008-2489.json +++ b/2008/2xxx/CVE-2008-2489.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified \"user input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/" - }, - { - "name" : "ADV-2008-1665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1665/references" - }, - { - "name" : "30400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30400" - }, - { - "name" : "sqzfelib-unspecified-sql-injection(42625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified \"user input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1665/references" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/" + }, + { + "name": "30400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30400" + }, + { + "name": "sqzfelib-unspecified-sql-injection(42625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42625" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2797.json b/2008/2xxx/CVE-2008-2797.json index b6eca7dc4d7..60e655f3f61 100644 --- a/2008/2xxx/CVE-2008-2797.json +++ b/2008/2xxx/CVE-2008-2797.json 
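Review bot: The `reference_data` array for CVE-2008-2489 is reordered with no entry added or removed (the `VUPEN` entry now precedes the typo3.org `CONFIRM` entry), and the new order follows no visible sort key. Combined with the `"key" : value` to `"key": value` formatting rewrite, every line of the 77-line record is marked as changed although its content is the same, so a consumer that diffs or hashes these files sees an update where nothing changed. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later syncs limited to real changes. The same reordering appears in the hunks for CVE-2008-2797, CVE-2012-0861, CVE-2012-1469, CVE-2012-1800 and CVE-2012-5226, and every file in view also loses its trailing newline.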
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29785" - }, - { - "name" : "30745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30745" - }, - { - "name" : "optutils-mainlayout-xss(43158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote 
attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30745" + }, + { + "name": "optutils-mainlayout-xss(43158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43158" + }, + { + "name": "29785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29785" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0108.json b/2012/0xxx/CVE-2012-0108.json index 83c61a9c094..cdd2e6a8b97 100644 --- a/2012/0xxx/CVE-2012-0108.json +++ b/2012/0xxx/CVE-2012-0108.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote 
authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0861.json b/2012/0xxx/CVE-2012-0861.json index acc49de6b52..9f44e63a4b4 100644 --- a/2012/0xxx/CVE-2012-0861.json +++ b/2012/0xxx/CVE-2012-0861.json 
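Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert_us@oracle.com` for CVE-2012-0108, and it is the only change of content in a hunk that rewrites all 67 lines for formatting. Nothing in the commit subject mentions a reassignment, so the page does not show whether this is an intended correction of the record's CNA attribution; presumably it is, but it deserves a line in the description. Tools that filter or trust records by assigner will treat this record differently after the sync. The hunks for CVE-2012-0861 (`secalert@redhat.com`) and CVE-2012-1800 (`cert@cert.org`) make the same kind of change; landing the formatting normalisation separately would leave each of these as a one-line diff on `"ASSIGNER"`.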
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:1505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1505.html" - }, - { - "name" : "RHSA-2012:1506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html" - }, - { - "name" : "RHSA-2012:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1508.html" - }, - { - "name" : "56825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56825" - }, - { - "name" : "1027838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027838" - }, - { - "name" : 
"enterprise-ssl-certificates-mitm(80544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1508.html" + }, + { + "name": "56825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56825" + }, + { + "name": "RHSA-2012:1506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html" + }, + { + "name": "RHSA-2012:1505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1505.html" + }, + { + "name": "enterprise-ssl-certificates-mitm(80544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80544" + }, + { + "name": "1027838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027838" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1469.json b/2012/1xxx/CVE-2012-1469.json index c3fd77582ab..04757a736aa 100644 --- a/2012/1xxx/CVE-2012-1469.json +++ b/2012/1xxx/CVE-2012-1469.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120321 Multiple vulnerabilities in Open Journal Systems (OJS)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23079", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23079" - }, - { - "name" : "http://pkp.sfu.ca/ojs/RELEASE-2.3.7", - "refsource" : "CONFIRM", - "url" : "http://pkp.sfu.ca/ojs/RELEASE-2.3.7" - }, - { - "name" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", - "refsource" : "CONFIRM", - "url" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431" - }, - { - "name" : "80255", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80255" - }, - { - "name" : "80256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80256" - }, - { - "name" : "80257", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80257" - }, - { - "name" : "48449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48449" - }, - { - "name" : "48464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48464" - }, - { - "name" : "open-journal-editor-xss(74227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74227" - }, - { - "name" : "open-journal-index-xss(74225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74225" - }, - { - "name" : "open-journal-string-xss(74226)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74226" - }, - { - "name" : "open-journal-articleid-xss(74228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", + "refsource": "CONFIRM", + "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431" + }, + { + "name": "open-journal-articleid-xss(74228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74228" + }, + { + "name": "open-journal-index-xss(74225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74225" + }, + { + "name": "48449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48449" + }, + { + "name": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7", + "refsource": "CONFIRM", + "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7" + }, + { + "name": "open-journal-editor-xss(74227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74227" + }, + { + "name": "80257", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/80257" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23079", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23079" + }, + { + "name": "80255", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80255" + }, + { + "name": "20120321 Multiple vulnerabilities in Open Journal Systems (OJS)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html" + }, + { + "name": "48464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48464" + }, + { + "name": "80256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80256" + }, + { + "name": "open-journal-string-xss(74226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74226" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1800.json b/2012/1xxx/CVE-2012-1800.json index 45da68768de..8101d0e36eb 100644 --- a/2012/1xxx/CVE-2012-1800.json +++ b/2012/1xxx/CVE-2012-1800.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf" - }, - { - "name" : "http://support.automation.siemens.com/WW/view/en/59869684", - "refsource" : "CONFIRM", - "url" : "http://support.automation.siemens.com/WW/view/en/59869684" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf", - "refsource" : "CONFIRM", - "url" : 
"http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf" - }, - { - "name" : "81034", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.automation.siemens.com/WW/view/en/59869684", + "refsource": "CONFIRM", + "url": "http://support.automation.siemens.com/WW/view/en/59869684" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf" + }, + { + "name": "81034", + "refsource": "OSVDB", + "url": "http://osvdb.org/81034" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5226.json b/2012/5xxx/CVE-2012-5226.json index 41b840be079..3cc9049f659 100644 --- a/2012/5xxx/CVE-2012-5226.json +++ b/2012/5xxx/CVE-2012-5226.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18422", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18422" - }, - { - "name" : "51700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51700" - }, - { - "name" : "peelshopping-multiple-xss(72765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to 
achat/recherche.php or (2) PATH_INFO to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "peelshopping-multiple-xss(72765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72765" + }, + { + "name": "18422", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18422" + }, + { + "name": "51700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51700" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5734.json b/2012/5xxx/CVE-2012-5734.json index 2b759009839..e30fb6596e0 100644 --- a/2012/5xxx/CVE-2012-5734.json +++ b/2012/5xxx/CVE-2012-5734.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5734", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5734", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5999.json b/2012/5xxx/CVE-2012-5999.json index 5f031b6c248..49c136c52f5 100644 
--- a/2012/5xxx/CVE-2012-5999.json +++ b/2012/5xxx/CVE-2012-5999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11094.json b/2017/11xxx/CVE-2017-11094.json index b7f77073bee..a4b996d8fac 100644 --- a/2017/11xxx/CVE-2017-11094.json +++ b/2017/11xxx/CVE-2017-11094.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11103.json b/2017/11xxx/CVE-2017-11103.json index c2cec46ee80..9a4266a9e8f 100644 --- a/2017/11xxx/CVE-2017-11103.json +++ b/2017/11xxx/CVE-2017-11103.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.orpheus-lyre.info/", - "refsource" : "MISC", - "url" : "https://www.orpheus-lyre.info/" - }, - { - "name" : "http://www.h5l.org/advisories.html?show=2017-07-11", - "refsource" : "CONFIRM", - "url" : "http://www.h5l.org/advisories.html?show=2017-07-11" - }, - { - "name" : "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2017-11103.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2017-11103.html" - }, - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3912" - }, - { - "name" : "FreeBSD-SA-17:05", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc" - }, - { - "name" : "99551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99551" - }, - { - "name" : "1038876", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038876" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3912" + }, + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "https://www.orpheus-lyre.info/", + "refsource": "MISC", + "url": "https://www.orpheus-lyre.info/" + }, + { + "name": "FreeBSD-SA-17:05", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc" + }, + { + "name": "99551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99551" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1039427" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2017-11103.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2017-11103.html" + }, + { + "name": "1038876", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038876" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0", + "refsource": "CONFIRM", + "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0" + }, + { + "name": "http://www.h5l.org/advisories.html?show=2017-07-11", + "refsource": "CONFIRM", + "url": "http://www.h5l.org/advisories.html?show=2017-07-11" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3029.json b/2017/3xxx/CVE-2017-3029.json index 533e9d9bec7..1a1dd298b14 100644 --- a/2017/3xxx/CVE-2017-3029.json +++ b/2017/3xxx/CVE-2017-3029.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97554" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97554" + }, + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3771.json b/2017/3xxx/CVE-2017-3771.json index 8f0727114c1..bd2ab826b35 100644 --- a/2017/3xxx/CVE-2017-3771.json +++ b/2017/3xxx/CVE-2017-3771.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2017-3771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "E95, ThinkCentre M710s/M710t", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 1.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2017-3771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E95, ThinkCentre M710s/M710t", + "version": { + "version_data": [ + { + "version_value": "Earlier than 1.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-17417", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-17417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-17417", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-17417" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3914.json b/2017/3xxx/CVE-2017-3914.json index a42010ff33c..c34df55a9e0 100644 --- a/2017/3xxx/CVE-2017-3914.json +++ b/2017/3xxx/CVE-2017-3914.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3914", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3914", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7310.json b/2017/7xxx/CVE-2017-7310.json index 0439463f747..977c46f25a0 100644 --- a/2017/7xxx/CVE-2017-7310.json +++ b/2017/7xxx/CVE-2017-7310.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41771", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41771/" - }, - { - "name" : "41772", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41772/" - }, - { - "name" : "41773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41773/" - }, - { - "name" : "43875", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43875/" - }, - { - "name" : "44157", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44157/" - }, - { - "name" : 
"http://www.diskboss.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.diskboss.com/news.html" - }, - { - "name" : "http://www.diskpulse.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.diskpulse.com/news.html" - }, - { - "name" : "http://www.disksavvy.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.disksavvy.com/news.html" - }, - { - "name" : "http://www.disksorter.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.disksorter.com/news.html" - }, - { - "name" : "http://www.dupscout.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.dupscout.com/news.html" - }, - { - "name" : "http://www.syncbreeze.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.syncbreeze.com/news.html" - }, - { - "name" : "http://www.vxsearch.com/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.vxsearch.com/news.html" - }, - { - "name" : "97237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41771", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41771/" + }, + { + "name": "43875", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43875/" + }, + { + "name": "44157", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44157/" + }, + { + "name": "41773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41773/" + }, + { + "name": "http://www.dupscout.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.dupscout.com/news.html" + }, + { + "name": "http://www.diskpulse.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.diskpulse.com/news.html" + }, + { + "name": "http://www.diskboss.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.diskboss.com/news.html" + }, + { + "name": "http://www.vxsearch.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.vxsearch.com/news.html" + }, + { + "name": "http://www.disksorter.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.disksorter.com/news.html" + }, + { + "name": "97237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97237" + }, + { + "name": "41772", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41772/" + }, + { + "name": "http://www.disksavvy.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.disksavvy.com/news.html" + }, + { + "name": "http://www.syncbreeze.com/news.html", + "refsource": "CONFIRM", + "url": "http://www.syncbreeze.com/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8242.json b/2017/8xxx/CVE-2017-8242.json index 3579d0f1e82..14c312e7ddb 100644 --- a/2017/8xxx/CVE-2017-8242.json +++ b/2017/8xxx/CVE-2017-8242.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Time-of-check Time-of-use (TOCTOU) Race Condition in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8264.json b/2017/8xxx/CVE-2017-8264.json index 8c8820b6a56..d35c40ff440 100644 --- a/2017/8xxx/CVE-2017-8264.json +++ b/2017/8xxx/CVE-2017-8264.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2017-8264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reachable Assertion in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2017-8264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reachable Assertion in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99465" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8286.json b/2017/8xxx/CVE-2017-8286.json index 77a4b50d0d1..65fe34e4af9 100644 --- a/2017/8xxx/CVE-2017-8286.json +++ b/2017/8xxx/CVE-2017-8286.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8286", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8286", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8630.json b/2017/8xxx/CVE-2017-8630.json index cf1401e11d1..d48690e5c59 100644 --- a/2017/8xxx/CVE-2017-8630.json +++ b/2017/8xxx/CVE-2017-8630.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630" - }, - { - "name" : "100732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100732" - }, - { - "name" : "1039315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039315" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630" + }, + { + "name": "100732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100732" + }, + { + "name": "1039315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039315" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8787.json b/2017/8xxx/CVE-2017-8787.json index 13a0ed9fd22..4d8cbc662e0 100644 --- a/2017/8xxx/CVE-2017-8787.json +++ b/2017/8xxx/CVE-2017-8787.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10188.json b/2018/10xxx/CVE-2018-10188.json index 3b299adbc74..69d1591c24c 100644 --- a/2018/10xxx/CVE-2018-10188.json +++ b/2018/10xxx/CVE-2018-10188.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44496", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44496/" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2018-2/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2018-2/" - }, - { - "name" : "103936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103936" - }, - { - "name" : "1040752", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute 
arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103936" + }, + { + "name": "1040752", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040752" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2018-2/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2018-2/" + }, + { + "name": "44496", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44496/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10443.json b/2018/10xxx/CVE-2018-10443.json index d2c728ad7f4..9d88b2b7772 100644 --- a/2018/10xxx/CVE-2018-10443.json +++ b/2018/10xxx/CVE-2018-10443.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10443",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10443",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10925.json b/2018/10xxx/CVE-2018-10925.json
index 9d1efd3face..2774b2da08b 100644
--- a/2018/10xxx/CVE-2018-10925.json
+++ b/2018/10xxx/CVE-2018-10925.json
@@ -1,134 +1,134 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-10925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "9.6.10" - }, - { - "version_value" : "9.5.14" - }, - { - "version_value" : "9.4.19" - }, - { - "version_value" : "9.3.24" - } - ] - } - } - ] - }, - "vendor_name" : "PostgreSQL Global Development Group" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-863" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "9.6.10" + }, + { + "version_value": "9.5.14" + }, + { + "version_value": "9.4.19" + }, + { + "version_value": "9.3.24" + } + ] + } + } + ] + }, + "vendor_name": "PostgreSQL Global Development Group" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925" - }, - { - "name" : "https://www.postgresql.org/about/news/1878/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1878/" - }, - { - "name" : "DSA-4269", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4269" - }, - { - "name" : "GLSA-201810-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-08" - }, - { - "name" : "RHSA-2018:2511", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2511" - }, - { - "name" : "RHSA-2018:2565", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2565" - }, - { - "name" : "RHSA-2018:2566", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2566" - }, - { - "name" : "RHSA-2018:3816", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3816" - }, - { - "name" : "USN-3744-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3744-1/" - }, - { - "name" : "105052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105052" - }, - { - "name" : "1041446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-08" + }, + { + "name": "DSA-4269", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4269" + }, + { + "name": "105052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105052" + }, + { + "name": "RHSA-2018:2511", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2511" + }, + { + "name": "USN-3744-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3744-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925" + }, + { + "name": "RHSA-2018:2566", + "refsource": 
"REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2566" + }, + { + "name": "RHSA-2018:2565", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2565" + }, + { + "name": "RHSA-2018:3816", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3816" + }, + { + "name": "https://www.postgresql.org/about/news/1878/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1878/" + }, + { + "name": "1041446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041446" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10994.json b/2018/10xxx/CVE-2018-10994.json index 94966e26a12..b64ba31bf54 100644 --- a/2018/10xxx/CVE-2018-10994.json +++ b/2018/10xxx/CVE-2018-10994.json 
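Review bot: The `impact.cvss` entry kept on the new side still puts the score inside the vector, `"vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"`, and wraps the object in two nested arrays, so a consumer that parses this field as a CVSS v3.0 vector, or that expects an object, will likely reject or mis-score the record. The CVE-2018-12470 record later in this patch uses a plain `cvss` object with a separate `baseScore` and a vector that begins at `CVSS:3.0/`; this record should follow the same shape, e.g. `"baseScore": 7.1,` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",`. Whether the data_version 4.0 schema mandates the object form is not visible here, so the nesting is a consistency point and the prefixed score is the defect.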
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", - "refsource" : "MISC", - "url" : "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea" - }, - { - "name" : "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", - "refsource" : "MISC", - "url" : "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1" - }, - { - "name" : "https://twitter.com/bcrypt/status/995057030304952320", - "refsource" : "MISC", - "url" : "https://twitter.com/bcrypt/status/995057030304952320" - }, - { - "name" : "https://twitter.com/lorenzoFB/status/995048605399633926", - "refsource" : "MISC", - "url" : "https://twitter.com/lorenzoFB/status/995048605399633926" - }, - { - "name" : 
"https://twitter.com/ortegaalfredo/status/995940738839056384", - "refsource" : "MISC", - "url" : "https://twitter.com/ortegaalfredo/status/995940738839056384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/ortegaalfredo/status/995940738839056384", + "refsource": "MISC", + "url": "https://twitter.com/ortegaalfredo/status/995940738839056384" + }, + { + "name": "https://twitter.com/bcrypt/status/995057030304952320", + "refsource": "MISC", + "url": "https://twitter.com/bcrypt/status/995057030304952320" + }, + { + "name": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", + "refsource": "MISC", + "url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1" + }, + { + "name": "https://twitter.com/lorenzoFB/status/995048605399633926", + "refsource": "MISC", + "url": "https://twitter.com/lorenzoFB/status/995048605399633926" + }, + { + "name": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", + "refsource": "MISC", + "url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12470.json b/2018/12xxx/CVE-2018-12470.json index 37b06d82186..cc1f35a8a91 100644 --- a/2018/12xxx/CVE-2018-12470.json +++ b/2018/12xxx/CVE-2018-12470.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2018-09-27T00:00:00.000Z", - "ID" : "CVE-2018-12470", - "STATE" : "PUBLIC", - "TITLE" : "SQL injection in RegistrationSharing module" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SMT", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.0.37" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE Linux" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Jake Miller" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-09-27T00:00:00.000Z", + "ID": "CVE-2018-12470", + "STATE": "PUBLIC", + "TITLE": "SQL injection in RegistrationSharing module" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SMT", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.0.37" + 
} + ] + } + } + ] + }, + "vendor_name": "SUSE Linux" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1103810", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1103810" - } - ] - }, - "source" : { - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1103810" - ], - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Jake Miller" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1103810", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1103810" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13044.json b/2018/13xxx/CVE-2018-13044.json index 373cdcda858..5b8ace45312 100644 --- a/2018/13xxx/CVE-2018-13044.json 
+++ b/2018/13xxx/CVE-2018-13044.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13044",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13044",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13218.json b/2018/13xxx/CVE-2018-13218.json
index 169b61a246e..e58c65116b7 100644
--- a/2018/13xxx/CVE-2018-13218.json
+++ b/2018/13xxx/CVE-2018-13218.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum 
token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13616.json b/2018/13xxx/CVE-2018-13616.json index b7b3d1d0004..947824800a7 100644 --- a/2018/13xxx/CVE-2018-13616.json +++ b/2018/13xxx/CVE-2018-13616.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17030.json b/2018/17xxx/CVE-2018-17030.json index 7ea9cbfbce8..329662229b6 100644 --- a/2018/17xxx/CVE-2018-17030.json +++ b/2018/17xxx/CVE-2018-17030.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/342", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/342", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/342" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17674.json b/2018/17xxx/CVE-2018-17674.json index ba05d287ea7..185dbfdf8b9 100644 --- a/2018/17xxx/CVE-2018-17674.json +++ b/2018/17xxx/CVE-2018-17674.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9126.json b/2018/9xxx/CVE-2018-9126.json index 051c928e262..4796dbb5c3a 100644 --- a/2018/9xxx/CVE-2018-9126.json +++ b/2018/9xxx/CVE-2018-9126.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44414", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44414/" - }, - { - "name" : "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html" + }, + { + "name": "44414", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44414/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9295.json b/2018/9xxx/CVE-2018-9295.json index 73bb1d1e2f1..32c1ccc3caf 100644 --- a/2018/9xxx/CVE-2018-9295.json +++ b/2018/9xxx/CVE-2018-9295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9396.json b/2018/9xxx/CVE-2018-9396.json index f4c89084f70..16f457cc30c 100644 --- a/2018/9xxx/CVE-2018-9396.json +++ b/2018/9xxx/CVE-2018-9396.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9396", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9396", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9568.json b/2018/9xxx/CVE-2018-9568.json index 974f43bf18f..fb1b791d2b9 100644 --- a/2018/9xxx/CVE-2018-9568.json +++ b/2018/9xxx/CVE-2018-9568.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-12-01" - }, - { - "name" : "RHSA-2019:0512", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0512" - }, - { - "name" : "RHSA-2019:0514", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0514" - }, - { - "name" : "USN-3880-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3880-2/" - }, - { - "name" : "USN-3880-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3880-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0512", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0512" + }, + { + "name": "USN-3880-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3880-1/" + }, + { + "name": "USN-3880-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3880-2/" + }, + { + "name": "RHSA-2019:0514", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0514" + }, + { + "name": "https://source.android.com/security/bulletin/2018-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-12-01" + } + ] + } +} \ No newline at end of file
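Review bot: The `ASSIGNER` field in `CVE_data_meta` for CVE-2018-9568 changes from `security@google.com` to `security@android.com`, a substantive metadata change inside what is otherwise a whitespace and ordering rewrite committed as "-Synchronized-Data.". Anything that keys CNA attribution, routing or de-duplication on the assigner address will see this record change owner with nothing in the commit message explaining it. I would ask for it to land separately, or at least be named in the message, for example `CVE-2018-9568: ASSIGNER security@google.com -> security@android.com`. The same hunk reorders the `reference_data` entries and, like the other files in this patch, drops the final newline (`\ No newline at end of file`), so consumers that hash or byte-compare records should compare parsed JSON instead.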