diff --git a/2004/0xxx/CVE-2004-0223.json b/2004/0xxx/CVE-2004-0223.json index e438052c74a..1bbf965376b 100644 --- a/2004/0xxx/CVE-2004-0223.json +++ b/2004/0xxx/CVE-2004-0223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0223", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0223", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0456.json b/2004/0xxx/CVE-2004-0456.json index 40b1507ad8e..c2e54ba6158 100644 --- a/2004/0xxx/CVE-2004-0456.json +++ b/2004/0xxx/CVE-2004-0456.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040702 pavuk buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023322.html" - }, - { - "name" : "DSA-527", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-527" - }, - { - "name" : "GLSA-200406-22", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200406-22.xml" - }, - { - "name" : "10633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10633" - }, - { - "name" : "pavuk-location-bo(16551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-527", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-527" + }, + { + "name": "pavuk-location-bo(16551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16551" + }, + { + "name": "10633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10633" + }, + { + "name": "20040702 pavuk buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023322.html" + }, + { + "name": "GLSA-200406-22", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200406-22.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0697.json b/2004/0xxx/CVE-2004-0697.json index 9726b322050..4b9597e6f1f 100644 --- a/2004/0xxx/CVE-2004-0697.json +++ b/2004/0xxx/CVE-2004-0697.json 
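Review bot: The `reference_data` array of CVE-2004-0456 is written in a different order (DEBIAN, XF, BID, FULLDISC, GENTOO instead of FULLDISC, DEBIAN, GENTOO, BID, XF) although no entry is added, removed or altered, so the serializer appears not to emit a stable order. The same reshuffle shows in the hunks for CVE-2004-0697, CVE-2004-0759, CVE-2004-1033, CVE-2004-1098, CVE-2004-1331, CVE-2004-1538 and CVE-2004-1544. Sorting entries by a fixed key such as `refsource` then `name` before writing would keep later diffs limited to real content changes, which matters when these records are reviewed for tampering or for an advisory link that was dropped by accident. Each file section visible here also now ends with `\ No newline at end of file`; writing a trailing newline would avoid that churn.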
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A071304-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a071304-1.txt" - }, - { - "name" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt", - "refsource" : "MISC", - "url" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt" - }, - { - "name" : "4dwebstar-view-phpini-files(16688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A071304-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a071304-1.txt" + }, + { + "name": "4dwebstar-view-phpini-files(16688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16688" + }, + { + "name": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt", + "refsource": "MISC", + "url": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0739.json b/2004/0xxx/CVE-2004-0739.json index 8e5561e2888..023d52a6c91 100644 --- a/2004/0xxx/CVE-2004-0739.json +++ b/2004/0xxx/CVE-2004-0739.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040719 Buffer overflow in Whisper FTP Surfer 1.0.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109035224715409&w=2" - }, - { - "name" : "20040719 Buffer overflow in Whisper FTP Surfer 1.0.7", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024087.html" - }, - { - "name" : "whisper-long-file-name-bo(16742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service 
(client crash) and possibly execute arbitrary code via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040719 Buffer overflow in Whisper FTP Surfer 1.0.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109035224715409&w=2" + }, + { + "name": "20040719 Buffer overflow in Whisper FTP Surfer 1.0.7", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024087.html" + }, + { + "name": "whisper-long-file-name-bo(16742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16742" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0759.json b/2004/0xxx/CVE-2004-0759.json index e041a2fbe2b..b477b2b0d9c 100644 --- a/2004/0xxx/CVE-2004-0759.json +++ b/2004/0xxx/CVE-2004-0759.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=241924" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" - }, - { - "name" : "FLSA:2089", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" - }, - { - "name" : "RHSA-2004:421", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2004:036", - 
"refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:11153", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153" - }, - { - "name" : "mozilla-warning-file-upload(16870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "SUSE-SA:2004:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" + }, + { + "name": "RHSA-2004:421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" + }, + { + "name": "FLSA:2089", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "mozilla-warning-file-upload(16870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870" + 
}, + { + "name": "oval:org.mitre.oval:def:11153", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=241924" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1033.json b/2004/1xxx/CVE-2004-1033.json index c882aabee42..ebc95b34ce7 100644 --- a/2004/1xxx/CVE-2004-1033.json +++ b/2004/1xxx/CVE-2004-1033.json 
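Review bot: The description of CVE-2004-0759 still reads `sets the value of an tag` on both the removed and the added line, so an element name appears to have been lost between "an" and "tag", presumably markup stripped by an earlier sanitizing step. Since this commit rewrites the record anyway, the missing text should be restored from the vendor references listed in the same record (the Bugzilla entry and the known-vulnerabilities page) rather than carried forward. Any HTML-like literal that is restored should stay a plain JSON string; escaping it for display is the consumer's job.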
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041115 Multiple Security Vulnerabilities in Fcron", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "GLSA-200411-27", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200411-27.xml" - }, - { - "name" : "11684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11684" - }, - { - "name" : "fcron-fcrontab-obtain-info(18078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041115 Multiple Security Vulnerabilities in Fcron", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false" + }, + { + "name": "11684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11684" + }, + { + "name": "GLSA-200411-27", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml" + }, + { + "name": "fcron-fcrontab-obtain-info(18078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18078" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1098.json b/2004/1xxx/CVE-2004-1098.json index b85297255be..b5b6f7f12de 100644 --- a/2004/1xxx/CVE-2004-1098.json +++ b/2004/1xxx/CVE-2004-1098.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041026 [Mimedefang] SECURITY: Patch for MIME-tools", - "refsource" : "MLIST", - "url" : "http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html" - }, - { - "name" : "GLSA-200411-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml" - }, - { - "name" : "MDKSA-2004:123", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:123" - }, - { - "name" : "11563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11563" - }, - { - "name" : "mimetools-boundary-virus-bypass(17940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17940" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041026 [Mimedefang] SECURITY: Patch for MIME-tools", + "refsource": "MLIST", + "url": "http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html" + }, + { + "name": "MDKSA-2004:123", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:123" + }, + { + "name": "mimetools-boundary-virus-bypass(17940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17940" + }, + { + "name": "11563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11563" + }, + { + "name": "GLSA-200411-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1243.json b/2004/1xxx/CVE-2004-1243.json index e9966d14017..23c3defc923 100644 --- a/2004/1xxx/CVE-2004-1243.json +++ b/2004/1xxx/CVE-2004-1243.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1243", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-1243", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1331.json b/2004/1xxx/CVE-2004-1331.json index de04ca6d5af..11854f4ccb9 100644 --- a/2004/1xxx/CVE-2004-1331.json +++ b/2004/1xxx/CVE-2004-1331.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. 
Security by Obscurity...", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" - }, - { - "name" : "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" - }, - { - "name" : "VU#743974", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/743974" - }, - { - "name" : "13203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13203/" - }, - { - "name" : "11686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11686" - }, - { - "name" : "3220", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3220" - }, - { - "name" : "ie-execommand-warning-bypass(18181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3220", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3220" + }, + { + "name": "ie-execommand-warning-bypass(18181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" + }, + { + "name": "11686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11686" + }, + { + "name": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" + }, + { + "name": "13203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13203/" + }, + { + "name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" + }, + { + "name": "VU#743974", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/743974" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1538.json b/2004/1xxx/CVE-2004-1538.json index 9df1ea3fdf8..b9f955a9a6b 100644 --- a/2004/1xxx/CVE-2004-1538.json +++ b/2004/1xxx/CVE-2004-1538.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041122 PHPKIT SQL Injection, XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110117116115493&w=2" - }, - { - "name" : "11725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11725" - }, - { - "name" : "13262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13262" - }, - { - "name" : "phpkit-include-sql-injection(18205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute 
arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpkit-include-sql-injection(18205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18205" + }, + { + "name": "11725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11725" + }, + { + "name": "20041122 PHPKIT SQL Injection, XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110117116115493&w=2" + }, + { + "name": "13262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13262" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1544.json b/2004/1xxx/CVE-2004-1544.json index 1718587940e..62c03e4b6ea 100644 --- a/2004/1xxx/CVE-2004-1544.json +++ b/2004/1xxx/CVE-2004-1544.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110135663220831&w=2" - }, - { - "name" : "11746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11746" - }, - { - "name" : "13285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13285/" - }, - { - "name" : "jspwiki-query-xss(18236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041124 STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110135663220831&w=2" + }, + { + "name": "jspwiki-query-xss(18236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18236" + }, + { + "name": "11746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11746" + }, + { + "name": "13285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13285/" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2064.json b/2004/2xxx/CVE-2004-2064.json index 17624262949..32d63ac57cb 100644 --- a/2004/2xxx/CVE-2004-2064.json +++ b/2004/2xxx/CVE-2004-2064.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040729 lostBook v1.1 Javascript Execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109112282611808&w=2" - }, - { - "name" : "10825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10825" - }, - { - "name" : "8271", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8271" - }, - { - "name" : "1010812", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010812" - }, - { - "name" : "12190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12190" - }, - { - "name" : "lostbook-email-website-xss(16835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8271", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8271" + }, + { + "name": "1010812", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010812" + }, + { + "name": "lostbook-email-website-xss(16835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16835" + }, + { + "name": "20040729 lostBook v1.1 Javascript Execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109112282611808&w=2" + }, + { + "name": "10825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10825" + }, + { + "name": "12190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12190" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2672.json b/2004/2xxx/CVE-2004-2672.json index c3bd4da3813..002ea869bcf 100644 --- a/2004/2xxx/CVE-2004-2672.json +++ b/2004/2xxx/CVE-2004-2672.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx", + "refsource": "CONFIRM", + "url": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2596.json b/2008/2xxx/CVE-2008-2596.json index e0669c59bdd..a983dec233a 100644 --- a/2008/2xxx/CVE-2008-2596.json +++ b/2008/2xxx/CVE-2008-2596.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0.3 has unknown impact and remote authenticated attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : 
"1020495", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020495" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0.3 has unknown impact and remote authenticated attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "1020495", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020495" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/2xxx/CVE-2008-2638.json b/2008/2xxx/CVE-2008-2638.json index ca08699a274..c7eebc03348 100644 --- a/2008/2xxx/CVE-2008-2638.json +++ b/2008/2xxx/CVE-2008-2638.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5736", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5736" - }, - { - "name" : "http://1scripts.net/php-scripts/index.php?p=16", - "refsource" : "CONFIRM", - "url" : "http://1scripts.net/php-scripts/index.php?p=16" - }, - { - "name" : "ADV-2008-1735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1735/references" - }, - { - "name" : "30146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30146" - }, - { - "name" : "1book-guestbook-code-execution(42854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5736", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5736" + }, + { + "name": "30146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30146" + }, + { + "name": "1book-guestbook-code-execution(42854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42854" + }, + { + "name": "ADV-2008-1735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1735/references" + }, + { + "name": "http://1scripts.net/php-scripts/index.php?p=16", + "refsource": "CONFIRM", + "url": "http://1scripts.net/php-scripts/index.php?p=16" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2691.json b/2008/2xxx/CVE-2008-2691.json index c997b2d864a..83de2dc3491 100644 --- a/2008/2xxx/CVE-2008-2691.json +++ b/2008/2xxx/CVE-2008-2691.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5753", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5753" - }, - { - "name" : "29594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29594" - }, - { - "name" : "30569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30569" - }, - { - "name" : "jiro-read-sql-injection(42919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jiro-read-sql-injection(42919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42919" + }, + { + "name": "30569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30569" + }, + { + "name": "5753", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5753" + }, + { + "name": "29594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29594" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2912.json b/2008/2xxx/CVE-2008-2912.json index e27a4839085..c1a22ee115b 100644 --- a/2008/2xxx/CVE-2008-2912.json +++ b/2008/2xxx/CVE-2008-2912.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the (2) cfg[path][contenido] parameter to (b) move_articles.php, (c) move_old_stats.php, (d) optimize_database.php, (e) run_newsletter_job.php, (f) send_reminder.php, (g) session_cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter_jobs_subnav.php and (j) plugins/content_allocation/includes/include.right_top.php in contenido/; the (3) cfg[path][templates] parameter to (k) includes/include.newsletter_jobs_subnav.php and (l) plugins/content_allocation/includes/include.right_top.php in contenido/; and the (4) cfg[templates][right_top_blank] parameter to (m) plugins/content_allocation/includes/include.right_top.php and (n) contenido/includes/include.newsletter_jobs_subnav.php in contenido/, different vectors than CVE-2006-5380." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5810", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5810" - }, - { - "name" : "29719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29719" - }, - { - "name" : "30683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30683" - }, - { - "name" : "contenido-multiple-parameters-file-include(43103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the (2) cfg[path][contenido] parameter to (b) move_articles.php, (c) move_old_stats.php, (d) optimize_database.php, (e) run_newsletter_job.php, (f) send_reminder.php, (g) session_cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter_jobs_subnav.php and (j) plugins/content_allocation/includes/include.right_top.php in contenido/; the (3) cfg[path][templates] parameter to (k) includes/include.newsletter_jobs_subnav.php and (l) plugins/content_allocation/includes/include.right_top.php in contenido/; and the (4) cfg[templates][right_top_blank] parameter to (m) 
plugins/content_allocation/includes/include.right_top.php and (n) contenido/includes/include.newsletter_jobs_subnav.php in contenido/, different vectors than CVE-2006-5380." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29719" + }, + { + "name": "5810", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5810" + }, + { + "name": "30683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30683" + }, + { + "name": "contenido-multiple-parameters-file-include(43103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43103" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3337.json b/2008/3xxx/CVE-2008-3337.json index 65ee452c73f..1058339f5d4 100644 --- a/2008/3xxx/CVE-2008-3337.json +++ b/2008/3xxx/CVE-2008-3337.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released", - "refsource" : "MLIST", - "url" : "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html" - }, - { - "name" : "http://doc.powerdns.com/powerdns-advisory-2008-02.html", - "refsource" : "CONFIRM", - "url" : "http://doc.powerdns.com/powerdns-advisory-2008-02.html" - }, - { - "name" : "http://doc.powerdns.com/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://doc.powerdns.com/changelog.html" - }, - { - "name" : "DSA-1628", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2008/dsa-1628" - }, - { - "name" : "FEDORA-2008-7048", - "refsource" : 
"FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html" - }, - { - "name" : "FEDORA-2008-7083", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html" - }, - { - "name" : "GLSA-200812-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-19.xml" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "30587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30587" - }, - { - "name" : "ADV-2008-2320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2320" - }, - { - "name" : "31407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31407" - }, - { - "name" : "31401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31401" - }, - { - "name" : "31448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31448" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "33264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33264" - }, - { - "name" : "powerdns-query-weak-security(44253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "FEDORA-2008-7048", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html" + }, + { + "name": "31401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31401" + }, + { + "name": "30587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30587" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "http://doc.powerdns.com/changelog.html", + "refsource": "CONFIRM", + "url": "http://doc.powerdns.com/changelog.html" + }, + { + "name": "31448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31448" + }, + { + "name": "DSA-1628", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2008/dsa-1628" + }, + { + "name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html", + "refsource": "CONFIRM", + "url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html" + }, + { + "name": "33264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33264" + }, + { + "name": "FEDORA-2008-7083", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html" + }, + { + "name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released", + "refsource": "MLIST", + "url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html" + }, + { + "name": "powerdns-query-weak-security(44253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253" + }, + { + "name": "GLSA-200812-19", + "refsource": "GENTOO", + "url": 
"http://security.gentoo.org/glsa/glsa-200812-19.xml" + }, + { + "name": "31407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31407" + }, + { + "name": "ADV-2008-2320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2320" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3471.json b/2008/3xxx/CVE-2008-3471.json index d0f2f1f9198..85754c1c776 100644 --- a/2008/3xxx/CVE-2008-3471.json +++ b/2008/3xxx/CVE-2008-3471.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka \"File Format Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-068/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-068/" - }, - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : 
"MS08-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057" - }, - { - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31705" - }, - { - "name" : "oval:org.mitre.oval:def:5750", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750" - }, - { - "name" : "ADV-2008-2808", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2808" - }, - { - "name" : "1021044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021044" - }, - { - "name" : "32211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32211" - }, - { - "name" : "excel-file-format-code-execution(45579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579" - }, - { - "name" : "win-ms08kb956416-update(45581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka \"File Format Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + 
"references": { + "reference_data": [ + { + "name": "excel-file-format-code-execution(45579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45579" + }, + { + "name": "oval:org.mitre.oval:def:5750", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-068/" + }, + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "1021044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021044" + }, + { + "name": "ADV-2008-2808", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2808" + }, + { + "name": "31705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31705" + }, + { + "name": "MS08-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "win-ms08kb956416-update(45581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + }, + { + "name": "32211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32211" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6051.json b/2008/6xxx/CVE-2008-6051.json index a59958de699..41380f9aa1d 100644 --- a/2008/6xxx/CVE-2008-6051.json +++ b/2008/6xxx/CVE-2008-6051.json 
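Review bot: In the CVE-2008-3471 hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com`, and this is the only record in the visible hunks where a value changes rather than only whitespace and reference order. Consumers that attribute or filter records by assigning CNA will see this as a data change. It should be made in its own commit, or called out explicitly in the commit description; the description is not visible here, so it may already be covered. It is also worth confirming that the reassignment is intended and not a side effect of the bulk reformat.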
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081211 Meta Cart Free Database Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499123/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081211 Meta Cart Free Database Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499123/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6069.json b/2008/6xxx/CVE-2008-6069.json index b7b4a138e34..d464a0f19b8 100644 --- a/2008/6xxx/CVE-2008-6069.json +++ b/2008/6xxx/CVE-2008-6069.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080605 e107 Plugin echat MENU Blind SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493126/100/0/threaded" - }, - { - "name" : "30561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30561" - }, - { - "name" : "echat-e107chat-sql-injection(42883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers 
to execute arbitrary SQL commands via the nick parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30561" + }, + { + "name": "20080605 e107 Plugin echat MENU Blind SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493126/100/0/threaded" + }, + { + "name": "echat-e107chat-sql-injection(42883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42883" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6379.json b/2008/6xxx/CVE-2008-6379.json index 2ded69ec522..2a902885ba2 100644 --- a/2008/6xxx/CVE-2008-6379.json +++ b/2008/6xxx/CVE-2008-6379.json 
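Review bot: The `reference_data` array in this hunk comes back in a different order (SECUNIA, BUGTRAQ, XF instead of BUGTRAQ, SECUNIA, XF) with no entry added, removed or edited, and the new order follows neither `name`, `refsource` nor `url`. The same reshuffle appears in the hunks for CVE-2008-6379, CVE-2008-6789, CVE-2008-6864, CVE-2008-7033, CVE-2013-2577, CVE-2017-11295 and CVE-2017-11591. If the writer behind this reformat does not emit a stable order, which is what these hunks suggest, each regeneration will bury a genuinely added or withdrawn reference in noise for anyone diffing the feed; sorting the array on a fixed key such as `(refsource, name)` before writing would keep later diffs to real changes. The rewritten files also end without a final newline (`\ No newline at end of file`), which is worth restoring in the same writer.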
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7326", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7326" - }, - { - "name" : "32607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32607" - }, - { - "name" : "32976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32976" - }, - { - "name" : "gallerymx-picspre-sql-injection(47039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7326", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7326" + }, + { + "name": "gallerymx-picspre-sql-injection(47039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47039" + }, + { + "name": "32607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32607" + }, + { + "name": "32976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32976" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6539.json b/2008/6xxx/CVE-2008-6539.json index f8786132f1d..481d9d3b867 100644 --- a/2008/6xxx/CVE-2008-6539.json +++ b/2008/6xxx/CVE-2008-6539.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5305", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5305", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5305" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6789.json b/2008/6xxx/CVE-2008-6789.json index 392199c85a8..0b897d2f0e0 100644 --- a/2008/6xxx/CVE-2008-6789.json +++ b/2008/6xxx/CVE-2008-6789.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6820", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6820" - }, - { - "name" : "32358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32358" - }, - { - "name" : "photogallery-id-username-sql-injection(46075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46075" - }, - { - "name" : "photogallery-username-sql-injection(50344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "photogallery-id-username-sql-injection(46075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46075" + }, + { + "name": "32358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32358" + }, + { + "name": "6820", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6820" + }, + { + "name": "photogallery-username-sql-injection(50344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50344" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6864.json b/2008/6xxx/CVE-2008-6864.json index 8ff0571ed45..e0084b634d3 100644 --- a/2008/6xxx/CVE-2008-6864.json +++ b/2008/6xxx/CVE-2008-6864.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6892", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6892" - }, - { - "name" : "32010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32010" - }, - { - "name" : "32472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32472" - }, - { - "name" : "absolutelivesupport-cookie-auth-bypass(46246)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by 
setting a cookie to a certain value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32010" + }, + { + "name": "6892", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6892" + }, + { + "name": "absolutelivesupport-cookie-auth-bypass(46246)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46246" + }, + { + "name": "32472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32472" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7033.json b/2008/7xxx/CVE-2008-7033.json index b8e8bc8ac6c..9d5b649cb19 100644 --- a/2008/7xxx/CVE-2008-7033.json +++ b/2008/7xxx/CVE-2008-7033.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080224 joomla com_simpleshop SQL Injection(section) #", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488692" - }, - { - "name" : "27977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27977" - }, - { - "name" : "52094", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/52094" - }, - { - "name" : "simpleshop-index-sql-injection(40802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simpleshop-index-sql-injection(40802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40802" + }, + { + "name": "20080224 joomla com_simpleshop SQL Injection(section) #", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488692" + }, + { + "name": "27977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27977" + }, + { + "name": "52094", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52094" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5686.json b/2012/5xxx/CVE-2012-5686.json index 800778728e1..84b7efcf151 100644 --- a/2012/5xxx/CVE-2012-5686.json +++ b/2012/5xxx/CVE-2012-5686.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5686",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5686",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/2xxx/CVE-2013-2269.json b/2013/2xxx/CVE-2013-2269.json
index 28d2e16a810..a6b6fbda8ca 100644
--- a/2013/2xxx/CVE-2013-2269.json
+++ b/2013/2xxx/CVE-2013-2269.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using \"parameter manipulation\" in conjunction with information from a \"default holding page\" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-050813.asc", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-050813.asc" - }, - { - "name" : "59805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59805" - }, - { - "name" : "53358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using \"parameter manipulation\" in conjunction with information from a \"default holding page\" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/support/alerts/aid-050813.asc", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-050813.asc" + }, + { + "name": "59805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59805" + }, + { + "name": "53358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53358" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2577.json b/2013/2xxx/CVE-2013-2577.json index b3d94bab964..3a0c38d5362 100644 --- a/2013/2xxx/CVE-2013-2577.json +++ b/2013/2xxx/CVE-2013-2577.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130722 CORE-2013-0705 - XnView Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html" - }, - { - "name" : "27049", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27049" - }, - { - "name" : "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability" - }, - { - "name" : "http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400", - "refsource" : "CONFIRM", - "url" : "http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400" - }, - { - "name" : "95580", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95580" - }, - { - "name" : "1028817", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1028817" - }, - { - "name" : "54174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54174" - }, - { - "name" : "xnview-pctfile-bo(85919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400", + "refsource": "CONFIRM", + "url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400" + }, + { + "name": "xnview-pctfile-bo(85919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919" + }, + { + "name": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability" + }, + { + "name": "1028817", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028817" + }, + { + "name": "27049", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27049" + }, + { + "name": "95580", + "refsource": "OSVDB", + "url": "http://osvdb.org/95580" + }, + { + "name": "20130722 CORE-2013-0705 - XnView Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html" + }, + { + "name": "54174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54174" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11295.json b/2017/11xxx/CVE-2017-11295.json
index 1ca197fee5c..d5f1921d877 100644
--- a/2017/11xxx/CVE-2017-11295.json
+++ b/2017/11xxx/CVE-2017-11295.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe DNG Converter 9.12.1 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe DNG Converter 9.12.1 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe DNG Converter 9.12.1 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe DNG Converter 9.12.1 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html" - }, - { - "name" : "101828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. 
An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101828" + }, + { + "name": "https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11559.json b/2017/11xxx/CVE-2017-11559.json index c3269d79658..7d749c16e87 100644 --- a/2017/11xxx/CVE-2017-11559.json +++ b/2017/11xxx/CVE-2017-11559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11591.json b/2017/11xxx/CVE-2017-11591.json
index 605c6f1f6a5..bd215a6a89f 100644
--- a/2017/11xxx/CVE-2017-11591.json
+++ b/2017/11xxx/CVE-2017-11591.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473888", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473888" - }, - { - "name" : "USN-3852-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3852-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3852-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3852-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473888", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473888" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11593.json b/2017/11xxx/CVE-2017-11593.json index 234541230a8..e8d5c4d3c5d 100644 --- a/2017/11xxx/CVE-2017-11593.json +++ b/2017/11xxx/CVE-2017-11593.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/volca/markdown-preview/commit/1181f044a5457d5e1ac35804ecd84e05977f1920", - "refsource" : "CONFIRM", - "url" : "https://github.com/volca/markdown-preview/commit/1181f044a5457d5e1ac35804ecd84e05977f1920" - }, - { - "name" : "https://github.com/volca/markdown-preview/issues/60", - "refsource" : "CONFIRM", - "url" : "https://github.com/volca/markdown-preview/issues/60" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/volca/markdown-preview/issues/60", + "refsource": "CONFIRM", + "url": "https://github.com/volca/markdown-preview/issues/60" + }, + { + "name": "https://github.com/volca/markdown-preview/commit/1181f044a5457d5e1ac35804ecd84e05977f1920", + "refsource": "CONFIRM", + "url": "https://github.com/volca/markdown-preview/commit/1181f044a5457d5e1ac35804ecd84e05977f1920" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11863.json b/2017/11xxx/CVE-2017-11863.json index 7660d3927ef..50794de44af 100644 --- a/2017/11xxx/CVE-2017-11863.json +++ b/2017/11xxx/CVE-2017-11863.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863" - }, - { - "name" : "101748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101748" - }, - { - "name" : "1039801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101748" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863" + }, + { + "name": "1039801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039801" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14813.json b/2017/14xxx/CVE-2017-14813.json index a621fd71a2a..d2b393195c0 100644 --- a/2017/14xxx/CVE-2017-14813.json 
+++ b/2017/14xxx/CVE-2017-14813.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14813", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14813", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14824.json b/2017/14xxx/CVE-2017-14824.json index f2d662dbb71..3db8b7a84a8 100644 --- a/2017/14xxx/CVE-2017-14824.json +++ b/2017/14xxx/CVE-2017-14824.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-868", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-868" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-868", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-868" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14871.json b/2017/14xxx/CVE-2017-14871.json index f3a33c7586e..62de430d6d4 100644 --- a/2017/14xxx/CVE-2017-14871.json +++ b/2017/14xxx/CVE-2017-14871.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14871", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14871", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15245.json b/2017/15xxx/CVE-2017-15245.json index b768dc07d2d..d74e4f57e9a 100644 
--- a/2017/15xxx/CVE-2017-15245.json
+++ b/2017/15xxx/CVE-2017-15245.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15245", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address controls Branch Selection starting at 
PDF!xmlGetGlobalState+0x0000000000057b76.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15245", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15245" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15574.json b/2017/15xxx/CVE-2017-15574.json index 132e90e0339..87a46c4d700 100644 --- a/2017/15xxx/CVE-2017-15574.json +++ b/2017/15xxx/CVE-2017-15574.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.redmine.org/issues/24199", - "refsource" : "CONFIRM", - "url" : "https://www.redmine.org/issues/24199" - }, - { - "name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" - }, - { - "name" : "DSA-4191", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.redmine.org/issues/24199", + "refsource": "CONFIRM", + "url": "https://www.redmine.org/issues/24199" + }, + { + "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", + "refsource": "CONFIRM", + "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" + }, + { + "name": "DSA-4191", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4191" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8106.json b/2017/8xxx/CVE-2017-8106.json index 5ba8fbfe5e6..addf219e701 100644 --- a/2017/8xxx/CVE-2017-8106.json +++ b/2017/8xxx/CVE-2017-8106.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=195167", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=195167" - }, - { - "name" : "https://launchpad.net/bugs/1678676", - "refsource" : "MISC", - "url" : "https://launchpad.net/bugs/1678676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context 
INVEPT instruction with a NULL EPT pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=195167", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167" + }, + { + "name": "https://launchpad.net/bugs/1678676", + "refsource": "MISC", + "url": "https://launchpad.net/bugs/1678676" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8131.json b/2017/8xxx/CVE-2017-8131.json index a45a342d5e9..c636577a63f 100644 --- a/2017/8xxx/CVE-2017-8131.json +++ b/2017/8xxx/CVE-2017-8131.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere OpenStack", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00 and V100R006C10" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere OpenStack", + "version": { + "version_data": [ + { + "version_value": "V100R006C00 and V100R006C10" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9758.json b/2017/9xxx/CVE-2017-9758.json index 80e242f424b..979355ba4dc 100644 --- a/2017/9xxx/CVE-2017-9758.json +++ b/2017/9xxx/CVE-2017-9758.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka \"Inaudible Subversion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc", - "refsource" : "MISC", - "url" : "https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc" - }, - { - "name" : "https://zeroday.hitcon.org/vulnerability/ZD-2017-00386", - "refsource" : "MISC", - "url" : "https://zeroday.hitcon.org/vulnerability/ZD-2017-00386" - }, - { - "name" : "VU#446847", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/446847" - }, - { - "name" : "101700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka \"Inaudible Subversion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zeroday.hitcon.org/vulnerability/ZD-2017-00386", + "refsource": "MISC", + "url": "https://zeroday.hitcon.org/vulnerability/ZD-2017-00386" + }, + { + "name": "VU#446847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/446847" + }, + { + "name": "https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc", + "refsource": "MISC", + "url": "https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc" + }, + { + "name": "101700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101700" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000160.json b/2018/1000xxx/CVE-2018-1000160.json index df262d001e4..a9b24c00d4b 100644 --- a/2018/1000xxx/CVE-2018-1000160.json +++ b/2018/1000xxx/CVE-2018-1000160.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-06T14:09:26.582922", - "DATE_REQUESTED" : "2018-03-27T11:32:41", - "ID" : "CVE-2018-1000160", - "REQUESTER" : "cianmce@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "protect", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "RisingStack" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-06T14:09:26.582922", + "DATE_REQUESTED": "2018-03-27T11:32:41", + "ID": "CVE-2018-1000160", + "REQUESTER": "cianmce@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://embed.plnkr.co/xHbhB29JWWyMUMeHsLrm", - "refsource" : "MISC", - "url" : "http://embed.plnkr.co/xHbhB29JWWyMUMeHsLrm" - }, - { - "name" : "https://github.com/RisingStack/protect/blob/60b0c91e86686d34e5202419ce9ae7e8dc08edcd/lib/rules/xss.js#L4-L13", - "refsource" : "MISC", - "url" : "https://github.com/RisingStack/protect/blob/60b0c91e86686d34e5202419ce9ae7e8dc08edcd/lib/rules/xss.js#L4-L13" - }, - { - "name" : "https://github.com/RisingStack/protect/issues/16", - "refsource" : "MISC", - "url" : "https://github.com/RisingStack/protect/issues/16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/RisingStack/protect/blob/60b0c91e86686d34e5202419ce9ae7e8dc08edcd/lib/rules/xss.js#L4-L13", + "refsource": "MISC", + "url": "https://github.com/RisingStack/protect/blob/60b0c91e86686d34e5202419ce9ae7e8dc08edcd/lib/rules/xss.js#L4-L13" + }, + { + "name": "http://embed.plnkr.co/xHbhB29JWWyMUMeHsLrm", + "refsource": "MISC", + "url": "http://embed.plnkr.co/xHbhB29JWWyMUMeHsLrm" + }, + { + "name": "https://github.com/RisingStack/protect/issues/16", + "refsource": "MISC", + "url": "https://github.com/RisingStack/protect/issues/16" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12302.json b/2018/12xxx/CVE-2018-12302.json index 4148d81c944..47d31f4d115 100644 --- a/2018/12xxx/CVE-2018-12302.json +++ b/2018/12xxx/CVE-2018-12302.json 
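Review bot: In the CVE-2018-1000160 record the new side replaces the structured `affects` values and the `problemtype` value with `n/a`, while the other records in this change appear to be re-indented or reordered only. The description still names RisingStack protect 1.2.0 and earlier, so the data is known, and anything that matches on the structured fields (vendor/product lookups, weakness-type filters) will no longer find this entry. I would keep `"product_name": "protect"`, `"version_value": "1.2.0 and earlier"` and `"vendor_name": "RisingStack"`, and keep the problemtype value `Cross Site Scripting (XSS)`. `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org` in the same hunk; if that is intentional it deserves a line in the commit message, since it changes who is recorded as the assigner.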
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12302",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12302",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12572.json b/2018/12xxx/CVE-2018-12572.json
index 2297fa86e70..50b77572835 100644
--- a/2018/12xxx/CVE-2018-12572.json
+++ b/2018/12xxx/CVE-2018-12572.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12572",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12572",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12916.json b/2018/12xxx/CVE-2018-12916.json
index f8c60fc068d..23bdf190837 100644
--- a/2018/12xxx/CVE-2018-12916.json
+++ b/2018/12xxx/CVE-2018-12916.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12916",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12916",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/cloudwu/pbc/issues/120",
- "refsource" : "MISC",
- "url" : "https://github.com/cloudwu/pbc/issues/120"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/cloudwu/pbc/issues/120",
+ "refsource": "MISC",
+ "url": "https://github.com/cloudwu/pbc/issues/120"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13357.json b/2018/13xxx/CVE-2018-13357.json
index 25c329c2d5b..e064b158ec5 100644
--- a/2018/13xxx/CVE-2018-13357.json
+++ b/2018/13xxx/CVE-2018-13357.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13357",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13357",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a",
- "refsource" : "MISC",
- "url" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a",
+ "refsource": "MISC",
+ "url": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13451.json b/2018/13xxx/CVE-2018-13451.json
index 76fbf8b327f..85a0e140142 100644
--- a/2018/13xxx/CVE-2018-13451.json
+++ b/2018/13xxx/CVE-2018-13451.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13451",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13451",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16196.json b/2018/16xxx/CVE-2018-16196.json
index c2e5ffaa727..db7d82f0e7b 100644
--- a/2018/16xxx/CVE-2018-16196.json
+++ b/2018/16xxx/CVE-2018-16196.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2018-16196",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
- "version" : {
- "version_data" : [
- {
- "version_value" : "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Yokogawa Electric Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial-of-service (DoS)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2018-16196",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Yokogawa Electric Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://jvn.jp/vu/JVNVU93652047/index.html",
- "refsource" : "MISC",
- "url" : "https://jvn.jp/vu/JVNVU93652047/index.html"
- },
- {
- "name" : "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf",
- "refsource" : "MISC",
- "url" : "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
- },
- {
- "name" : "106442",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106442"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial-of-service (DoS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106442",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106442"
+ },
+ {
+ "name": "https://jvn.jp/vu/JVNVU93652047/index.html",
+ "refsource": "MISC",
+ "url": "https://jvn.jp/vu/JVNVU93652047/index.html"
+ },
+ {
+ "name": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf",
+ "refsource": "MISC",
+ "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16241.json b/2018/16xxx/CVE-2018-16241.json
index 2c8dddac9b3..2073949fa0d 100644
--- a/2018/16xxx/CVE-2018-16241.json
+++ b/2018/16xxx/CVE-2018-16241.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16241",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16241",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
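Review bot: The single `version_value` in the CVE-2018-16196 record carries the whole parenthesised list of nine product lines and their release ranges as one free-text string, under a `product_name` that is itself a sentence, so nothing that matches on `affects` can tell whether a given CENTUM VP or ProSafe-RS release is in range. The reference reordering leaves that untouched. I would split it into one `product_data` entry per product, each with its own `version_data`, for example `"product_name": "CENTUM VP"` with `"version_value": "R4.01.00 - R6.03.10"`. For control-system software, whoever has to decide what to patch depends on version data a tool can match, so this matters more than the key spacing the commit normalises.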
diff --git a/2018/16xxx/CVE-2018-16526.json b/2018/16xxx/CVE-2018-16526.json
index f05716f6719..d31379dc421 100644
--- a/2018/16xxx/CVE-2018-16526.json
+++ b/2018/16xxx/CVE-2018-16526.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16526",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16526",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
- "refsource" : "MISC",
- "url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
- },
- {
- "name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
- "refsource" : "MISC",
- "url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
- },
- {
- "name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
+ },
+ {
+ "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
+ "refsource": "MISC",
+ "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
+ },
+ {
+ "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
+ "refsource": "MISC",
+ "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16645.json b/2018/16xxx/CVE-2018-16645.json
index b6f98d990ff..de04e61ec00 100644
--- a/2018/16xxx/CVE-2018-16645.json
+++ b/2018/16xxx/CVE-2018-16645.json
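Review bot: `product_name`, `version_value` and `vendor_name` are all `n/a` on the new side of the CVE-2018-16526 record, even though its description names AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 and the WITTENSTEIN WHIS Connect TCP/IP component. A scanner keyed on `affects` therefore finds nothing for a remotely reachable buffer overflow, and consumers have to parse the prose. The same gap is in the CVE-2018-16645 and CVE-2018-4278 hunks, where ImageMagick 7.0.8-11 and the Apple products appear only in the description text. Since every line of the record is rewritten here anyway, I would fill `vendor_data` from the description, one `product_data` entry per product with its version bound in `version_value`.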
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16645",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16645",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html"
- },
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832",
- "refsource" : "MISC",
- "url" : "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832"
- },
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/1268",
- "refsource" : "MISC",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/1268"
- },
- {
- "name" : "DSA-4316",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4316"
- },
- {
- "name" : "USN-3785-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3785-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832",
+ "refsource": "MISC",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832"
+ },
+ {
+ "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html"
+ },
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1268",
+ "refsource": "MISC",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1268"
+ },
+ {
+ "name": "DSA-4316",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4316"
+ },
+ {
+ "name": "USN-3785-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3785-1/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4004.json b/2018/4xxx/CVE-2018-4004.json
index 4efc4f50920..a7d3b3690fc 100644
--- a/2018/4xxx/CVE-2018-4004.json
+++ b/2018/4xxx/CVE-2018-4004.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4004",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4004",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4078.json b/2018/4xxx/CVE-2018-4078.json
index 4de065e0301..379ea4c9e8f 100644
--- a/2018/4xxx/CVE-2018-4078.json
+++ b/2018/4xxx/CVE-2018-4078.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4078",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4078",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4278.json b/2018/4xxx/CVE-2018-4278.json
index 8ed2bb61537..eb2dbd4410d 100644
--- a/2018/4xxx/CVE-2018-4278.json
+++ b/2018/4xxx/CVE-2018-4278.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4278",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4278",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208933,",
- "refsource" : "MISC",
- "url" : "https://support.apple.com/HT208933,"
- },
- {
- "name" : "https://support.apple.com/HT208934,",
- "refsource" : "MISC",
- "url" : "https://support.apple.com/HT208934,"
- },
- {
- "name" : "https://support.apple.com/HT208936,",
- "refsource" : "MISC",
- "url" : "https://support.apple.com/HT208936,"
- },
- {
- "name" : "https://support.apple.com/HT208938,",
- "refsource" : "MISC",
- "url" : "https://support.apple.com/HT208938,"
- },
- {
- "name" : "https://support.apple.com/HT208932",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208932"
- },
- {
- "name" : "GLSA-201808-04",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201808-04"
- },
- {
- "name" : "USN-3743-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3743-1/"
- },
- {
- "name" : "1041232",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041232"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208934,",
+ "refsource": "MISC",
+ "url": "https://support.apple.com/HT208934,"
+ },
+ {
+ "name": "https://support.apple.com/HT208932",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208932"
+ },
+ {
+ "name": "USN-3743-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3743-1/"
+ },
+ {
+ "name": "GLSA-201808-04",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201808-04"
+ },
+ {
+ "name": "https://support.apple.com/HT208933,",
+ "refsource": "MISC",
+ "url": "https://support.apple.com/HT208933,"
+ },
+ {
+ "name": "https://support.apple.com/HT208938,",
+ "refsource": "MISC",
+ "url": "https://support.apple.com/HT208938,"
+ },
+ {
+ "name": "https://support.apple.com/HT208936,",
+ "refsource": "MISC",
+ "url": "https://support.apple.com/HT208936,"
+ },
+ {
+ "name": "1041232",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041232"
+ }
+ ]
+ }
+}
\ No newline at end of file
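Review bot: Four of the `reference_data` entries on the new side keep a trailing comma inside both `name` and `url` (`https://support.apple.com/HT208933,`, `HT208934,`, `HT208936,` and `HT208938,`), which looks like a comma-separated list that was split without trimming. Anything that dereferences or de-duplicates advisory links will treat these as different URLs from the article addresses and may fail to fetch them. Drop the comma in both fields, e.g. `"url": "https://support.apple.com/HT208933"`. The four entries are probably also `CONFIRM` rather than `MISC`, like the `HT208932` entry next to them, but that should be confirmed against the advisories.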
diff --git a/2018/4xxx/CVE-2018-4568.json b/2018/4xxx/CVE-2018-4568.json
index 30230abbcda..ac3a183b9db 100644
--- a/2018/4xxx/CVE-2018-4568.json
+++ b/2018/4xxx/CVE-2018-4568.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4568",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4568",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4689.json b/2018/4xxx/CVE-2018-4689.json
index 01a82fae29c..3111cda3a13 100644
--- a/2018/4xxx/CVE-2018-4689.json
+++ b/2018/4xxx/CVE-2018-4689.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4689",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4689",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file