diff --git a/2003/1xxx/CVE-2003-1290.json b/2003/1xxx/CVE-2003-1290.json
index 0d41da9a0c5..2fc6fc59bce 100644
--- a/2003/1xxx/CVE-2003-1290.json
+++ b/2003/1xxx/CVE-2003-1290.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA03-43.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/162" - }, - { - "name" : "9034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9034" - }, - { - "name" : "16215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16215" - }, - { - "name" : "3064", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3064" - }, - { - "name" : "10218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10218" - }, - { - "name" : "18396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18396" - }, - { - "name" : "weblogic-mbeanhome-obtain-information(13752)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA03-43.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/162" + }, + { + "name": "9034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9034" + }, + { + "name": "10218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10218" + }, + { + "name": "18396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18396" + }, + { + "name": "3064", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3064" + }, + { + "name": "16215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16215" + }, + { + "name": "weblogic-mbeanhome-obtain-information(13752)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13752" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1465.json b/2003/1xxx/CVE-2003-1465.json index b94955e49ea..e96bbb375ae 100644 --- a/2003/1xxx/CVE-2003-1465.json +++ b/2003/1xxx/CVE-2003-1465.json 
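Review bot: The rewritten file ends without a final newline (the `\ No newline at end of file` marker follows the new closing `}` here and in the other file sections on this page), and the `reference_data` entries come back in a different order than before: in this hunk BID `16215` and OSVDB `3064` move below the two SECUNIA entries. A change that presumably only meant to normalise the `"key" : value` spacing therefore also changes array order, and the CVE-2004-0140 section additionally writes `data_type` first and `ID` before `ASSIGNER`, unlike the other records, which suggests the writer does not pin key order. Having the serializer preserve the existing array order, emit keys in one fixed order and terminate each file with a newline would keep later diffs of these records limited to real content changes, which matters to anyone diffing or hashing the feed to spot unexpected edits.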
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030513 Phorum Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/321310" - }, - { - "name" : "7569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7569" - }, - { - "name" : "3288", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3288" - }, - { - "name" : "phorum-download-directory-traversal(12482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7569" + }, + { + "name": "phorum-download-directory-traversal(12482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12482" + }, + { + "name": "3288", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3288" + }, + { + "name": "20030513 Phorum Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/321310" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1552.json b/2003/1xxx/CVE-2003-1552.json index 861f0c1b078..575dce5297f 100644 --- a/2003/1xxx/CVE-2003-1552.json +++ b/2003/1xxx/CVE-2003-1552.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030304 uploader.php script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313819/30/25640/threaded" - }, - { - "name" : "20030304 uploader.php vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313787/30/25670/threaded" - }, - { - "name" : "uploader-uploads-file-upload(11467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 
allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030304 uploader.php script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313819/30/25640/threaded" + }, + { + "name": "uploader-uploads-file-upload(11467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11467" + }, + { + "name": "20030304 uploader.php vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313787/30/25670/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0019.json b/2004/0xxx/CVE-2004-0019.json index ee808e631c5..6e1a9d36b44 100644 --- a/2004/0xxx/CVE-2004-0019.json +++ b/2004/0xxx/CVE-2004-0019.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-0019",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-0019",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0140.json b/2004/0xxx/CVE-2004-0140.json
index d0fd4de8652..a9649730749 100644
--- a/2004/0xxx/CVE-2004-0140.json
+++ b/2004/0xxx/CVE-2004-0140.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-0140",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2004-0140",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0527.json b/2004/0xxx/CVE-2004-0527.json
index 5ee4a28f800..9f7b2ed9cf1 100644
--- a/2004/0xxx/CVE-2004-0527.json
+++ b/2004/0xxx/CVE-2004-0527.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10383" - }, - { - "name" : "6579", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6579" - }, - { - "name" : "ie-ahref-url-spoofing(16102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that 
point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6579", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6579" + }, + { + "name": "ie-ahref-url-spoofing(16102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" + }, + { + "name": "10383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10383" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0704.json b/2004/0xxx/CVE-2004-0704.json index f4e98eab1d8..33bcd73b177 100644 --- a/2004/0xxx/CVE-2004-0704.json +++ b/2004/0xxx/CVE-2004-0704.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108965446813639&w=2" - }, - { - "name" : "bugzilla-product-name-disclosure(16671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16671" - }, - { - "name" : "10698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when 
configured to hide products, allows remote attackers to view hidden products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10698" + }, + { + "name": "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108965446813639&w=2" + }, + { + "name": "bugzilla-product-name-disclosure(16671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16671" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0772.json b/2004/0xxx/CVE-2004-0772.json index 648987bacb6..b1fd836be54 100644 --- a/2004/0xxx/CVE-2004-0772.json +++ b/2004/0xxx/CVE-2004-0772.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt" - }, - { - "name" : "TA04-247A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-247A.html" - }, - { - "name" : "VU#350792", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/350792" - }, - { - "name" : "CLA-2004:860", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860" - }, - { - "name" : "DSA-543", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-543" - }, - { - "name" : "GLSA-200409-09", - "refsource" : "GENTOO", - "url" : 
"http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml" - }, - { - "name" : "MDKSA-2004:088", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:088" - }, - { - "name" : "2004-0045", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0045/" - }, - { - "name" : "20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109508872524753&w=2" - }, - { - "name" : "11078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11078" - }, - { - "name" : "oval:org.mitre.oval:def:4661", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661" - }, - { - "name" : "kerberos-krb524d-double-free(17158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2004:860", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860" + }, + { + "name": "kerberos-krb524d-double-free(17158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17158" + }, + { + "name": "VU#350792", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/350792" + }, + { + "name": "2004-0045", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0045/" + }, + { + "name": "DSA-543", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-543" + }, + { + "name": "TA04-247A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html" + }, + { + "name": "GLSA-200409-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml" + }, + { + "name": "20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109508872524753&w=2" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt" + }, + { + "name": "MDKSA-2004:088", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:088" + }, + { + "name": "oval:org.mitre.oval:def:4661", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661" + }, + { + "name": "11078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11078" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0914.json b/2004/0xxx/CVE-2004-0914.json index e8f46db265a..9b2edfcbe9f 100644 
--- a/2004/0xxx/CVE-2004-0914.json
+++ b/2004/0xxx/CVE-2004-0914.json
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" - }, - { - "name" : "DSA-607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-607" - }, - { - "name" : "FEDORA-2004-433", - "refsource" : "FEDORA", - "url" : "http://www.linuxsecurity.com/content/view/106877/102/" - }, - { - "name" : "FLSA-2006:152803", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" - }, - { - "name" : "GLSA-200411-28", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" - }, - { - "name" : "GLSA-200502-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" - }, - { - "name" : "GLSA-200502-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" - }, - { - "name" : "HPSBTU01228", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" - }, - { - "name" : "MDKSA-2004:137", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" - }, - { - "name" : "RHSA-2004:537", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-537.html" - }, - { - "name" : "RHSA-2005:004", - "refsource" : "REDHAT", - 
"url" : "http://www.redhat.com/support/errata/RHSA-2005-004.html" - }, - { - "name" : "RHSA-2004:610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-610.html" - }, - { - "name" : "USN-83-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-83-1" - }, - { - "name" : "USN-83-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-83-2" - }, - { - "name" : "11694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11694" - }, - { - "name" : "oval:org.mitre.oval:def:9943", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" - }, - { - "name" : "13224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13224/" - }, - { - "name" : "libxpm-image-bo(18142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" - }, - { - "name" : "libxpm-improper-memory-access(18144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" - }, - { - "name" : "libxpm-command-execution(18145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" - }, - { - "name" : "libxpm-directory-traversal(18146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" - }, - { - "name" : "libxpm-dos(18147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain 
sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:004", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" + }, + { + "name": "libxpm-directory-traversal(18146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" + }, + { + "name": "USN-83-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-83-1" + }, + { + "name": "RHSA-2004:537", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" + }, + { + "name": "libxpm-image-bo(18142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" + }, + { + "name": "13224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13224/" + }, + { + "name": "oval:org.mitre.oval:def:9943", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" + }, + { + "name": "FEDORA-2004-433", + "refsource": "FEDORA", + "url": "http://www.linuxsecurity.com/content/view/106877/102/" + }, + { + "name": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch", + "refsource": "CONFIRM", + "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" + }, + { + "name": "RHSA-2004:610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" + }, + { + "name": "libxpm-improper-memory-access(18144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" + }, + { + "name": "GLSA-200502-07", + 
"refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" + }, + { + "name": "FLSA-2006:152803", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" + }, + { + "name": "DSA-607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-607" + }, + { + "name": "11694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11694" + }, + { + "name": "GLSA-200502-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" + }, + { + "name": "USN-83-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-83-2" + }, + { + "name": "HPSBTU01228", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" + }, + { + "name": "MDKSA-2004:137", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" + }, + { + "name": "GLSA-200411-28", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" + }, + { + "name": "libxpm-dos(18147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" + }, + { + "name": "libxpm-command-execution(18145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1036.json b/2004/1xxx/CVE-2004-1036.json index b970aa0e588..072634bb6e7 100644 --- a/2004/1xxx/CVE-2004-1036.json +++ b/2004/1xxx/CVE-2004-1036.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041110 [SquirrelMail Security Advisory] Cross Site Scripting in encoded text", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110012133608004&w=2" - }, - { - "name" : "http://www.squirrelmail.org/", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/" - }, - { - "name" : "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff", - "refsource" : "CONFIRM", - "url" : "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff" - }, - { - "name" : "APPLE-SA-2005-01-25", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html" - }, - { - "name" : 
"APPLE-SA-2005-03-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" - }, - { - "name" : "CLA-2004:905", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905" - }, - { - "name" : "GLSA-200411-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml" - }, - { - "name" : "oval:org.mitre.oval:def:9592", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592" - }, - { - "name" : "squirrelmail-mime-xss(18031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-01-25", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html" + }, + { + "name": "GLSA-200411-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml" + }, + { + "name": "squirrelmail-mime-xss(18031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18031" + }, + { + "name": "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff", + "refsource": "CONFIRM", + "url": "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff" + }, + { + "name": "http://www.squirrelmail.org/", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/" + }, + { + "name": "APPLE-SA-2005-03-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:9592", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592" + }, + { + "name": "CLA-2004:905", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905" + }, + { + "name": "20041110 [SquirrelMail Security Advisory] Cross Site Scripting in encoded text", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110012133608004&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1487.json b/2004/1xxx/CVE-2004-1487.json index cc141e7de02..a2de0de20b0 100644 --- a/2004/1xxx/CVE-2004-1487.json +++ b/2004/1xxx/CVE-2004-1487.json 
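Review bot: The `reference_data` array in CVE-2004-1036.json comes out in a different order on the new side (the BUGTRAQ entry moves from first to last and the two APPLE entries are split apart) although the nine entries themselves are unchanged, so the key-spacing cleanup is mixed with a shuffle that a reader has to untangle by hand to confirm no reference was dropped or altered. Emitting the references in a stable order (for example sorted by `refsource`, then `name`) would keep bulk rewrites like this one verifiable by diff. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline; keeping the final newline avoids a spurious change on the next edit. The same two points apply to the other records visible here (CVE-2004-1487, CVE-2004-1616, CVE-2004-1797, CVE-2004-2062, CVE-2004-2475, CVE-2004-2695, CVE-2008-2003, CVE-2008-2199).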
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110269474112384&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755" - }, - { - "name" : "RHSA-2005:771", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-771.html" - }, - { - "name" : "USN-145-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/145-1/" - }, - { - "name" : "11871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11871" - }, - 
{ - "name" : "oval:org.mitre.oval:def:11682", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682" - }, - { - "name" : "1012472", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012472" - }, - { - "name" : "wget-file-overwrite(18420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:771", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html" + }, + { + "name": "11871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11871" + }, + { + "name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2" + }, + { + "name": "USN-145-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/145-1/" + }, + { + "name": "wget-file-overwrite(18420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420" + }, + { + "name": "oval:org.mitre.oval:def:11682", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", + "refsource": "MISC", + "url": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755" + }, + { + "name": "1012472", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012472" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1616.json b/2004/1xxx/CVE-2004-1616.json index aaf9f180494..9af425e2dfb 100644 --- a/2004/1xxx/CVE-2004-1616.json +++ b/2004/1xxx/CVE-2004-1616.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041018 Web browsers - a mini-farce", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109811406620511&w=2" - }, - { - "name" : "20041018 Web browsers - a mini-farce", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html" - }, - { - "name" : "http://lcamtuf.coredump.cx/mangleme/gallery/", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/mangleme/gallery/" - }, - { - "name" : "11442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11442" - }, - { - "name" : "1011808", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011808" - }, - { - "name" : "links-large-table-dos(17803)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041018 Web browsers - a mini-farce", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109811406620511&w=2" + }, + { + "name": "20041018 Web browsers - a mini-farce", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html" + }, + { + "name": "1011808", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011808" + }, + { + "name": "11442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11442" + }, + { + "name": "links-large-table-dos(17803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17803" + }, + { + "name": "http://lcamtuf.coredump.cx/mangleme/gallery/", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/mangleme/gallery/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1797.json b/2004/1xxx/CVE-2004-1797.json index 081614ba55d..f2ca426b918 100644 --- a/2004/1xxx/CVE-2004-1797.json +++ b/2004/1xxx/CVE-2004-1797.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.freznoshop.com/changelog_en.htm", - "refsource" : "CONFIRM", - "url" : "http://www.freznoshop.com/changelog_en.htm" - }, - { - "name" : "9359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9359" - }, - { - "name" : "3335", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3335" - }, - { - "name" : "1008606", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008606" - }, - { - "name" : "10547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10547" - }, - { - "name" : "freznoshop-searchphp-xss(14147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9359" + }, + { + "name": "freznoshop-searchphp-xss(14147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14147" + }, + { + "name": "1008606", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008606" + }, + { + "name": "http://www.freznoshop.com/changelog_en.htm", + "refsource": "CONFIRM", + "url": "http://www.freznoshop.com/changelog_en.htm" + }, + { + "name": "10547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10547" + }, + { + "name": "3335", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3335" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2062.json b/2004/2xxx/CVE-2004-2062.json index 5456652ce19..4bb13c608e8 100644 --- a/2004/2xxx/CVE-2004-2062.json +++ b/2004/2xxx/CVE-2004-2062.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040728 AntiBoard <= 0.7.2 XSS/SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109105610220965&w=2" - }, - { - "name" : "10821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10821" - }, - { - "name" : "12137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12137" - }, - { - "name" : "antiboard-get-sql-injection(16828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and 
earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10821" + }, + { + "name": "20040728 AntiBoard <= 0.7.2 XSS/SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109105610220965&w=2" + }, + { + "name": "12137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12137" + }, + { + "name": "antiboard-get-sql-injection(16828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16828" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2475.json b/2004/2xxx/CVE-2004-2475.json index a87808f5cff..79bf677050a 100644 --- a/2004/2xxx/CVE-2004-2475.json +++ b/2004/2xxx/CVE-2004-2475.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040917 GoogleToolbar:About -- Allows Script Injection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html" - }, - { - "name" : "20040918 Re: GoogleToolbar:About -- Allows Script Injection", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html" - }, - { - "name" : "20040918 Re: GoogleToolbar:About -- Allows Script Injection", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html" - 
}, - { - "name" : "11210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11210" - }, - { - "name" : "10037", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10037" - }, - { - "name" : "1011351", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011351" - }, - { - "name" : "google-toolbar-about-code-execution(17435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011351", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011351" + }, + { + "name": "11210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11210" + }, + { + "name": "google-toolbar-about-code-execution(17435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17435" + }, + { + "name": "20040918 Re: GoogleToolbar:About -- Allows Script Injection", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html" + }, + { + "name": "20040917 GoogleToolbar:About -- Allows Script Injection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html" + }, + { + "name": "10037", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10037" + }, + { + "name": "20040918 Re: GoogleToolbar:About -- Allows Script Injection", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2695.json b/2004/2xxx/CVE-2004-2695.json index 57171d7ac5c..e9868298806 100644 --- a/2004/2xxx/CVE-2004-2695.json +++ b/2004/2xxx/CVE-2004-2695.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/5BP0E15E0M.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" - }, - { - "name" : "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?t=124876", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/showthread.php?t=124876" - }, - { - "name" : "11193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11193" - }, - { - "name" : "12531", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/12531/" - }, - { - "name" : "vbulletin-itemnumber-sql-injection(17365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12531/" + }, + { + "name": "11193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11193" + }, + { + "name": "http://www.vbulletin.com/forum/showthread.php?t=124876", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/showthread.php?t=124876" + }, + { + "name": "vbulletin-itemnumber-sql-injection(17365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" + }, + { + "name": "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379" + }, + { + "name": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2003.json b/2008/2xxx/CVE-2008-2003.json index c85ffed7704..6ab1b517be3 100644 --- a/2008/2xxx/CVE-2008-2003.json +++ b/2008/2xxx/CVE-2008-2003.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491282/100/0/threaded" - }, - { - "name" : "3832", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3832" - }, - { - "name" : "badblue-multiple-weak-security(42090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3832", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3832" + }, + { + "name": "badblue-multiple-weak-security(42090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090" + }, + { + "name": "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491282/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2199.json b/2008/2xxx/CVE-2008-2199.json index 6dba215097b..50a41a2d06f 100644 --- a/2008/2xxx/CVE-2008-2199.json +++ b/2008/2xxx/CVE-2008-2199.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080505 [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491609/100/0/threaded" - }, - { - "name" : "5545", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5545" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt" - }, - { - "name" : "29044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29044" - }, - { - "name" : "30087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30087" - }, - { - "name" : 
"3878", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3878" - }, - { - "name" : "kmitamail-htmlcode-file-include(42187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29044" + }, + { + "name": "30087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30087" + }, + { + "name": "3878", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3878" + }, + { + "name": "20080505 [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491609/100/0/threaded" + }, + { + "name": "kmitamail-htmlcode-file-include(42187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42187" + }, + { + "name": "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt" + }, + { + "name": "5545", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5545" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2327.json b/2008/2xxx/CVE-2008-2327.json index 5a32f5b531f..9a1ba9c31d4 100644 --- a/2008/2xxx/CVE-2008-2327.json +++ b/2008/2xxx/CVE-2008-2327.json 
@@ -1,292 +1,292 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080905 rPSA-2008-0268-1 libtiff", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496033/100/0/threaded" - }, - { - "name" : "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497962/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", - "refsource" : "MISC", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0017.html" - }, - { - "name" : "http://security-tracker.debian.net/tracker/CVE-2008-2327", - "refsource" : 
"CONFIRM", - "url" : "http://security-tracker.debian.net/tracker/CVE-2008-2327" - }, - { - "name" : "http://security-tracker.debian.net/tracker/DSA-1632-1", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.net/tracker/DSA-1632-1" - }, - { - "name" : "http://security-tracker.debian.net/tracker/DTSA-160-1", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.net/tracker/DTSA-160-1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=458674", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=458674" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=234080", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=234080" - }, - { - "name" : "http://support.apple.com/kb/HT3298", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3298" - }, - { - "name" : "http://support.apple.com/kb/HT3318", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3318" - }, - { - "name" : "http://support.apple.com/kb/HT3276", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3276" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2008-11-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" - }, - { - "name" : "APPLE-SA-2008-11-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" - }, - { - "name" : "DSA-1632", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1632" - }, - { - "name" : "FEDORA-2008-7370", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html" - }, - { - "name" : "FEDORA-2008-7388", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html" - }, - { - "name" : "GLSA-200809-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200809-07.xml" - }, - { - "name" : "MDVSA-2008:184", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184" - }, - { - "name" : "RHSA-2008:0847", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0847.html" - }, - { - "name" : "RHSA-2008:0848", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0848.html" - }, - { - "name" : "RHSA-2008:0863", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0863.html" - }, - { - "name" : "265030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1" - }, - { - "name" : "SUSE-SR:2008:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" - }, - { - "name" : "USN-639-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-639-1" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "30832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30832" - }, - { - "name" : "oval:org.mitre.oval:def:11489", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489" - }, - { - "name" : "oval:org.mitre.oval:def:5514", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514" - }, - { - "name" : "32706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32706" - }, - { - "name" : "ADV-2008-2438", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2438" - }, - { - "name" : 
"ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "ADV-2008-2971", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2971" - }, - { - "name" : "ADV-2008-3232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3232" - }, - { - "name" : "ADV-2008-3107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3107" - }, - { - "name" : "ADV-2008-2776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2776" - }, - { - "name" : "1020750", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020750" - }, - { - "name" : "31610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31610" - }, - { - "name" : "31623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31623" - }, - { - "name" : "31668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31668" - }, - { - "name" : "31670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31670" - }, - { - "name" : "31698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31698" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "31838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31838" - }, - { - "name" : "32756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32756" - }, - { - "name" : "31982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31982" - }, - { - "name" : "ADV-2009-2143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer underflows in the (1) LZWDecode, (2) 
LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "265030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1" + }, + { + "name": "31670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31670" + }, + { + "name": "MDVSA-2008:184", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184" + }, + { + "name": "APPLE-SA-2008-11-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" + }, + { + "name": "20080905 rPSA-2008-0268-1 libtiff", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496033/100/0/threaded" + }, + { + "name": "31838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31838" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=234080", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=234080" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "31982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31982" + }, + { + "name": "31698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31698" + }, + { + "name": "FEDORA-2008-7388", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html" + }, + { + "name": "ADV-2008-2971", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2971" + }, + { + 
"name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2776" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html", + "refsource": "MISC", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html" + }, + { + "name": "RHSA-2008:0863", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0863.html" + }, + { + "name": "APPLE-SA-2008-11-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" + }, + { + "name": "31623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31623" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "http://security-tracker.debian.net/tracker/CVE-2008-2327", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.net/tracker/CVE-2008-2327" + }, + { + "name": "1020750", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020750" + }, + { + "name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded" + }, + { + "name": "ADV-2008-3107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3107" + }, + { + "name": "31610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31610" + }, + { + "name": "30832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30832" + }, + { + "name": "http://security-tracker.debian.net/tracker/DTSA-160-1", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.net/tracker/DTSA-160-1" + }, + { + "name": "oval:org.mitre.oval:def:11489", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489" + }, + { + "name": "SUSE-SR:2008:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" + }, + { + "name": "ADV-2008-3232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3232" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "RHSA-2008:0848", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html" + }, + { + "name": "31668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31668" + }, + { + "name": "ADV-2009-2143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2143" + }, + { + "name": "32706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32706" + }, + { + "name": "oval:org.mitre.oval:def:5514", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514" + }, + { + "name": "DSA-1632", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1632" + }, + { + "name": "http://support.apple.com/kb/HT3318", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3318" + }, + { + "name": "http://security-tracker.debian.net/tracker/DSA-1632-1", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.net/tracker/DSA-1632-1" + }, + { + "name": "http://support.apple.com/kb/HT3298", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3298" + }, + { + "name": "USN-639-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-639-1" + }, + { + "name": "RHSA-2008:0847", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0847.html" + }, + { + "name": "http://support.apple.com/kb/HT3276", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3276" + }, 
+ { + "name": "ADV-2008-2438", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2438" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=458674", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458674" + }, + { + "name": "32756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32756" + }, + { + "name": "GLSA-200809-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200809-07.xml" + }, + { + "name": "FEDORA-2008-7370", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2484.json b/2008/2xxx/CVE-2008-2484.json index a4e62749a32..60159428bd1 100644 --- a/2008/2xxx/CVE-2008-2484.json +++ b/2008/2xxx/CVE-2008-2484.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5673", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5673" - }, - { - "name" : "29358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29358" - }, - { - "name" : "ADV-2008-1644", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1644/references" - }, - { - "name" : "30374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30374" - }, - { - "name" : "xomolcms-index-sql-injection(42631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5673", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5673" + }, + { + "name": "ADV-2008-1644", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1644/references" + }, + { + "name": "29358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29358" + }, + { + "name": "xomolcms-index-sql-injection(42631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42631" + }, + { + "name": "30374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30374" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2519.json b/2008/2xxx/CVE-2008-2519.json index 687ae7e27a7..c0aa6f20bda 100644 --- a/2008/2xxx/CVE-2008-2519.json +++ b/2008/2xxx/CVE-2008-2519.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vuln.sg/coreftp211565-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/coreftp211565-en.html" - }, - { - "name" : "http://www.coreftp.com/forums/viewtopic.php?t=6078", - "refsource" : "CONFIRM", - "url" : "http://www.coreftp.com/forums/viewtopic.php?t=6078" - }, - { - "name" : "29362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29362" - }, - { - "name" : "ADV-2008-1643", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1643/references" - }, - { - "name" : "30389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30389" - }, - 
{ - "name" : "coreftp-list-directory-traversal(42605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coreftp-list-directory-traversal(42605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42605" + }, + { + "name": "http://vuln.sg/coreftp211565-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/coreftp211565-en.html" + }, + { + "name": "29362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29362" + }, + { + "name": "ADV-2008-1643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1643/references" + }, + { + "name": "30389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30389" + }, + { + "name": "http://www.coreftp.com/forums/viewtopic.php?t=6078", + "refsource": "CONFIRM", + "url": "http://www.coreftp.com/forums/viewtopic.php?t=6078" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2801.json b/2008/2xxx/CVE-2008-2801.json index b100953af03..25e31d9d4e0 100644 --- a/2008/2xxx/CVE-2008-2801.json +++ b/2008/2xxx/CVE-2008-2801.json 
@@ -1,287 +1,287 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0216-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418996", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418996" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424188", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424188" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424426", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424426" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2646", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2646" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" - }, - { - "name" : "DSA-1607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1607" - }, - { - "name" : "DSA-1615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1615" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "FEDORA-2008-6127", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" - }, - { - "name" : "FEDORA-2008-6193", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" - }, - { - "name" : "FEDORA-2008-6196", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" - }, - { - "name" : "GLSA-200808-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" - }, - { - "name" : "MDVSA-2008:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" - }, - { - "name" : "RHSA-2008:0547", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html" - }, - { - "name" : "RHSA-2008:0549", - "refsource" : 
"REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html" - }, - { - "name" : "RHSA-2008:0569", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html" - }, - { - "name" : "RHSA-2008:0616", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" - }, - { - "name" : "SSA:2008-191-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" - }, - { - "name" : "SSA:2008-191", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:034", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" - }, - { - "name" : "USN-619-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-619-1" - }, - { - "name" : "30038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30038" - }, - { - "name" : "oval:org.mitre.oval:def:11810", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "31076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31076" - }, - { - "name" : "ADV-2008-1993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1993/references" - }, - { - "name" : "1020419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020419" - }, - { - "name" : "30911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30911" - }, - { - "name" : "30878", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30878" - }, - { - "name" : "30898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30898" - }, - { - "name" : "30903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30903" - }, - { - "name" : "30949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30949" - }, - { - "name" : "31005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31005" - }, - { - "name" : "31008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31008" - }, - { - "name" : "31069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31069" - }, - { - "name" : "31023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31023" - }, - { - "name" : "31183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31183" - }, - { - "name" : "31195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31195" - }, - { - "name" : "31377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31377" - }, - { - "name" : "31021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31021" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:034", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" + }, + { + "name": "RHSA-2008:0549", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "31021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31021" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=418996", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=418996" + }, + { + "name": "30898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30898" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=424188", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=424188" + }, + { + "name": "oval:org.mitre.oval:def:11810", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2646", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2646" + }, + { + "name": "30949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30949" + }, + { + "name": "SSA:2008-191-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "31069", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31069" + }, + { + "name": "31008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31008" + }, + { + "name": "31377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31377" + }, + { + "name": "RHSA-2008:0616", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" + }, + { + "name": "ADV-2008-1993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1993/references" + }, + { + "name": "31023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31023" + }, + { + "name": "30038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30038" + }, + { + "name": "DSA-1607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1607" + }, + { + "name": "GLSA-200808-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" + }, + { + "name": "31005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31005" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "FEDORA-2008-6127", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" + }, + { + "name": "1020419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020419" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" + }, + { + "name": "31183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31183" + }, + { + "name": "30903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30903" + }, + { + "name": "RHSA-2008:0547", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" + }, + { 
+ "name": "FEDORA-2008-6193", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "SSA:2008-191", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" + }, + { + "name": "DSA-1615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1615" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=424426", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=424426" + }, + { + "name": "31195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31195" + }, + { + "name": "31076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31076" + }, + { + "name": "USN-619-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-619-1" + }, + { + "name": "30911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30911" + }, + { + "name": "RHSA-2008:0569", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" + }, + { + "name": "30878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30878" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html" + }, + { + "name": "20080708 rPSA-2008-0216-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" + }, + { + "name": "FEDORA-2008-6196", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "MDVSA-2008:136", + 
"refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6134.json b/2008/6xxx/CVE-2008-6134.json index a774818f152..de90422673d 100644 --- a/2008/6xxx/CVE-2008-6134.json +++ b/2008/6xxx/CVE-2008-6134.json 
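Review bot: The `ASSIGNER` value for CVE-2008-2801 changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, while the rest of the hunk appears to be only colon-spacing, indentation and `reference_data` ordering changes. Because the whole file is rewritten, this provenance change is easy to miss in review, and any consumer that attributes or filters records by assigner will see a different value. If the reassignment is intended, it should be named in the commit message or split into its own commit apart from the reformat; if it is a side effect of regeneration, keep `"ASSIGNER": "cve@mitre.org"`. The other hunks in view (CVE-2008-2519, CVE-2008-6134, CVE-2008-6232, CVE-2008-6393, CVE-2008-6441, CVE-2008-6581) leave their assigner unchanged.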
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/318746", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/318746" - }, - { - "name" : "31656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31656" - }, - { - "name" : "32194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32194" - }, - { - "name" : "everyblog-unspecified-sql-injection(45756)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL 
commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31656" + }, + { + "name": "32194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32194" + }, + { + "name": "http://drupal.org/node/318746", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/318746" + }, + { + "name": "everyblog-unspecified-sql-injection(45756)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45756" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6232.json b/2008/6xxx/CVE-2008-6232.json index 6144e225c2e..e92b0acb299 100644 --- a/2008/6xxx/CVE-2008-6232.json +++ b/2008/6xxx/CVE-2008-6232.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to \"admin\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6998", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6998" - }, - { - "name" : "ADV-2008-3017", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3017" - }, - { - "name" : "32557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32557" - }, - { - "name" : "preshoppingmall-cookie-auth-bypass(48984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting 
the (1) adminname and the (2) adminid cookies to \"admin\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3017", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3017" + }, + { + "name": "6998", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6998" + }, + { + "name": "preshoppingmall-cookie-auth-bypass(48984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48984" + }, + { + "name": "32557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32557" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6393.json b/2008/6xxx/CVE-2008-6393.json index 08b3469d5d1..a12a75c70eb 100644 --- a/2008/6xxx/CVE-2008-6393.json +++ b/2008/6xxx/CVE-2008-6393.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499563" - }, - { - "name" : "7555", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7555" - }, - { - "name" : "[oss-security] 20090225 CVE request: Psi <0.12.1 DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/25/5" - }, - { - "name" : "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html", - "refsource" : "MISC", - "url" : 
"http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=252830", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=252830" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=658912", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=658912" - }, - { - "name" : "DSA-1741", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1741" - }, - { - "name" : "FEDORA-2009-2285", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html" - }, - { - "name" : "FEDORA-2009-2295", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html" - }, - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "33311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33311" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "34301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34301" - }, - { - "name" : "34119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=252830", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=252830" + }, + { + "name": "34301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34301" + }, + { + "name": "7555", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7555" + }, + { + "name": "20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499563" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "FEDORA-2009-2285", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html" + }, + { + "name": "[oss-security] 20090225 CVE request: Psi <0.12.1 DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/25/5" + }, + { + "name": "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html", + "refsource": "MISC", + "url": "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=658912", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=658912" + }, + { + "name": "33311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33311" + }, + { + "name": "FEDORA-2009-2295", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html" + }, + { + "name": "DSA-1741", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2009/dsa-1741" + }, + { + "name": "34119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34119" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6441.json b/2008/6xxx/CVE-2008-6441.json index 50484525c9c..1ed40e71941 100644 --- a/2008/6xxx/CVE-2008-6441.json +++ b/2008/6xxx/CVE-2008-6441.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080911 Clients format strings in the Unreal engine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496297/100/0/threaded" - }, - { - "name" : "20080911 Clients format strings in the Unreal engine", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/unrealcfs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/unrealcfs-adv.txt" - }, - { - "name" : "31141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31141" - }, - { - "name" : "48290", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48290" - }, - { - "name" : "48291", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48291" - }, - { - "name" : "31854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31854" - }, - { - "name" : "unrealengine-dlmgr-format-string(45088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088" - }, - { - "name" : "unrealengine-pkg-format-string(45089)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089" - }, - { - "name" : "unrealengine-welcome-format-string(45090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48291", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48291" + }, + { + "name": "20080911 Clients format strings in the Unreal engine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded" + }, + { + "name": "31141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31141" + }, + { + "name": "20080911 Clients format strings in the Unreal engine", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html" + }, + { + "name": "48290", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48290" + }, + { + "name": "31854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31854" + }, + { + "name": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt" + }, + { + "name": "unrealengine-dlmgr-format-string(45088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088" + }, + { + "name": "unrealengine-pkg-format-string(45089)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089" + }, + { + "name": "unrealengine-welcome-format-string(45090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6581.json b/2008/6xxx/CVE-2008-6581.json index 55a9a04d183..5c5ca3efe42 100644 --- a/2008/6xxx/CVE-2008-6581.json +++ b/2008/6xxx/CVE-2008-6581.json 
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6581",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6581",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "7418",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/7418"
- },
- {
- "name" : "http://www.phpaddedit.com/page/new/",
- "refsource" : "CONFIRM",
- "url" : "http://www.phpaddedit.com/page/new/"
- },
- {
- "name" : "32779",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/32779"
- },
- {
- "name" : "50674",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/50674"
- },
- {
- "name" : "33124",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/33124"
- },
- {
- "name" : "phpaddedit-adminuser-cookie-security-bypass(47264)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47264"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version":
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32779" + }, + { + "name": "http://www.phpaddedit.com/page/new/", + "refsource": "CONFIRM", + "url": "http://www.phpaddedit.com/page/new/" + }, + { + "name": "7418", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7418" + }, + { + "name": "50674", + "refsource": "OSVDB", + "url": "http://osvdb.org/50674" + }, + { + "name": "phpaddedit-adminuser-cookie-security-bypass(47264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47264" + }, + { + "name": "33124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33124" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6643.json b/2008/6xxx/CVE-2008-6643.json index b5e9513a847..ae9391dfb85 100644 --- a/2008/6xxx/CVE-2008-6643.json +++ b/2008/6xxx/CVE-2008-6643.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6643",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6643",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
- },
- {
- "name" : "29448",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29448"
- },
- {
- "name" : "45866",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/45866"
- },
- {
- "name" : "lokicms-admin-security-bypass(42766)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42766"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+
{ + "lang": "eng", + "value": "LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45866", + "refsource": "OSVDB", + "url": "http://osvdb.org/45866" + }, + { + "name": "29448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29448" + }, + { + "name": "lokicms-admin-security-bypass(42766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42766" + }, + { + "name": "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492877/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1220.json b/2012/1xxx/CVE-2012-1220.json index 7b78da90b6b..2355525386c 100644 --- a/2012/1xxx/CVE-2012-1220.json +++ b/2012/1xxx/CVE-2012-1220.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1220",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1220",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "18464",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/18464"
- },
- {
- "name" : "47947",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/47947"
- },
- {
- "name" : "gazie-adminutente-csrf(72991)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote
attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "gazie-adminutente-csrf(72991)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"
+ },
+ {
+ "name": "47947",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/47947"
+ },
+ {
+ "name": "18464",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/18464"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5005.json b/2012/5xxx/CVE-2012-5005.json
index 37a3cbde537..fcf700603ae 100644
--- a/2012/5xxx/CVE-2012-5005.json
+++ b/2012/5xxx/CVE-2012-5005.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5005",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5005",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "18418",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/18418"
- },
- {
- "name" : "47729",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/47729"
- },
- {
- "name" : "vrgpub-adminoptions-csrf(72745)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72745"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add
action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "vrgpub-adminoptions-csrf(72745)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72745"
+ },
+ {
+ "name": "18418",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/18418"
+ },
+ {
+ "name": "47729",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/47729"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5035.json b/2012/5xxx/CVE-2012-5035.json
index 68005d36ac0..df89ceeae78 100644
--- a/2012/5xxx/CVE-2012-5035.json
+++ b/2012/5xxx/CVE-2012-5035.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5035",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5035",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5689.json b/2012/5xxx/CVE-2012-5689.json
index b98cc148593..7d81ec60f8e 100644
--- a/2012/5xxx/CVE-2012-5689.json
+++ b/2012/5xxx/CVE-2012-5689.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5689",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5689",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://kb.isc.org/article/AA-00855/",
- "refsource" : "CONFIRM",
- "url" : "https://kb.isc.org/article/AA-00855/"
- },
- {
- "name" : "http://www.isc.org/software/bind/advisories/cve-2012-5689",
- "refsource" : "CONFIRM",
- "url" : "http://www.isc.org/software/bind/advisories/cve-2012-5689"
- },
- {
- "name" : "RHSA-2013:0550",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0550.html"
- },
- {
- "name" : "USN-2693-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2693-1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+
"description": { + "description_data": [ + { + "lang": "eng", + "value": "ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.isc.org/article/AA-00855/", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-00855/" + }, + { + "name": "http://www.isc.org/software/bind/advisories/cve-2012-5689", + "refsource": "CONFIRM", + "url": "http://www.isc.org/software/bind/advisories/cve-2012-5689" + }, + { + "name": "USN-2693-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2693-1" + }, + { + "name": "RHSA-2013:0550", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0550.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5862.json b/2012/5xxx/CVE-2012-5862.json index a44c5b10055..500d591bfe6 100644 --- a/2012/5xxx/CVE-2012-5862.json +++ b/2012/5xxx/CVE-2012-5862.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5862",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64."
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-5862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html" - }, - { - "name" : "21273", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/21273/" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf" - }, - { - "name" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", - "refsource" : "CONFIRM", - "url" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88" - }, - { - "name" : "sinapsi-default-password(80200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 
36e44c9b64."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "21273",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/21273/"
+ },
+ {
+ "name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
+ },
+ {
+ "name": "sinapsi-default-password(80200)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
+ },
+ {
+ "name": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88",
+ "refsource": "CONFIRM",
+ "url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11314.json b/2017/11xxx/CVE-2017-11314.json
index 33b1eae63cd..8f54f171d5c 100644
--- a/2017/11xxx/CVE-2017-11314.json
+++ b/2017/11xxx/CVE-2017-11314.json
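Review bot: The `ASSIGNER` value for CVE-2012-5862 changes from `cve@mitre.org` to `ics-cert@hq.dhs.gov` near the top of this hunk, while every other change in the record is key spacing, indentation and reference order. A change of assigning authority is a provenance edit that consumers of the feed may act on, and it is easy to miss inside a bulk reformat; it would be clearer in its own commit, or named in the commit message if it is not already. The new side of this file, like the others in the diff, also ends without a final newline (`\ No newline at end of file`), which will show up as noise in the next change to each record.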
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11314",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11314",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11442.json b/2017/11xxx/CVE-2017-11442.json
index 4635d0887ed..461fef55ce5 100644
--- a/2017/11xxx/CVE-2017-11442.json
+++ b/2017/11xxx/CVE-2017-11442.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11442",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11442",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15095.json b/2017/15xxx/CVE-2017-15095.json
index 324d08a8f9d..94343a4865d 100644
--- a/2017/15xxx/CVE-2017-15095.json
+++ b/2017/15xxx/CVE-2017-15095.json
@@ -1,186 +1,186 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert@redhat.com",
- "DATE_PUBLIC" : "2017-06-27T00:00:00",
- "ID" : "CVE-2017-15095",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "jackson-databind",
- "version" : {
- "version_data" : [
- {
- "version_value" : "before 2.8.10"
- },
- {
- "version_value" : "before 2.9.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "FasterXML"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-184" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-06-27T00:00:00", + "ID": "CVE-2017-15095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jackson-databind", + "version": { + "version_data": [ + { + "version_value": "before 2.8.10" + }, + { + "version_value": "before 2.9.1" + } + ] + } + } + ] + }, + "vendor_name": "FasterXML" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FasterXML/jackson-databind/issues/1680", - "refsource" : "CONFIRM", - "url" : "https://github.com/FasterXML/jackson-databind/issues/1680" - }, - { - "name" : "https://github.com/FasterXML/jackson-databind/issues/1737", - "refsource" : "CONFIRM", - "url" : "https://github.com/FasterXML/jackson-databind/issues/1737" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171214-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171214-0003/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-4037", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4037" - }, - { - "name" : "RHSA-2017:3189", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3189" - }, - { - "name" : "RHSA-2017:3190", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3190" - }, - { - "name" : "RHSA-2018:0342", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0342" - }, - { - "name" : "RHSA-2018:0478", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0478" - }, - { - "name" : "RHSA-2018:0479", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0479" - }, - { - "name" : "RHSA-2018:0480", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0480" - }, - { - "name" : "RHSA-2018:0481", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0481" - }, - { - "name" : "RHSA-2018:0576", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0576" - }, - { - "name" : "RHSA-2018:0577", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0577" - }, - { - "name" : "RHSA-2018:1447", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1447" - }, - { - "name" : "RHSA-2018:1448", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1448" - }, - { - "name" : "RHSA-2018:1449", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1449" - }, - { - "name" : "RHSA-2018:1450", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1450" - }, - { - "name" : "RHSA-2018:1451", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1451" - }, - { - "name" : "RHSA-2018:2927", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHSA-2018:2927" - }, - { - "name" : "103880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103880" - }, - { - "name" : "1039769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-184" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1448", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1448" + }, + { + "name": "103880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103880" + }, + { + "name": "RHSA-2018:0479", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0479" + }, + { + "name": "RHSA-2018:0481", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0481" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "RHSA-2018:1449", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:1449" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171214-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171214-0003/" + }, + { + "name": "RHSA-2018:1450", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1450" + }, + { + "name": "RHSA-2018:0577", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0577" + }, + { + "name": "RHSA-2018:0576", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0576" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2017:3190", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3190" + }, + { + "name": "RHSA-2018:1451", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1451" + }, + { + "name": "RHSA-2017:3189", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3189" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2018:2927", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2927" + }, + { + "name": "1039769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039769" + }, + { + "name": "RHSA-2018:0342", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0342" + }, + { + "name": "RHSA-2018:0480", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0480" + }, + { + "name": "RHSA-2018:1447", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1447" + }, + { + "name": 
"https://github.com/FasterXML/jackson-databind/issues/1737", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/issues/1737" + }, + { + "name": "RHSA-2018:0478", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0478" + }, + { + "name": "DSA-4037", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4037" + }, + { + "name": "https://github.com/FasterXML/jackson-databind/issues/1680", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/issues/1680" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15469.json b/2017/15xxx/CVE-2017-15469.json index 59c224a9466..394ba93b125 100644 --- a/2017/15xxx/CVE-2017-15469.json +++ b/2017/15xxx/CVE-2017-15469.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15469", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15469", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15510.json b/2017/15xxx/CVE-2017-15510.json index d72d89394e4..dd4236d7e0e 100644 --- a/2017/15xxx/CVE-2017-15510.json +++ b/2017/15xxx/CVE-2017-15510.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15510", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15622.json b/2017/15xxx/CVE-2017-15622.json index 1f1773158c2..b5b67d61044 100644 --- a/2017/15xxx/CVE-2017-15622.json +++ b/2017/15xxx/CVE-2017-15622.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" - }, - { - "name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", - "refsource" : "MISC", - "url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in 
the new-mppeencryption variable in the pptp_client.lua file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", + "refsource": "MISC", + "url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" + }, + { + "name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3185.json b/2017/3xxx/CVE-2017-3185.json index 05b57eb1d6c..4f7c7eababb 100644 --- a/2017/3xxx/CVE-2017-3185.json +++ b/2017/3xxx/CVE-2017-3185.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ACTi D, B, I, and E series cameras", - "version" : { - "version_data" : [ - { - "version_value" : "A1D-500-V6.11.31-AC" - } - ] - } - } - ] - }, - "vendor_name" : "ACTi Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-598: Information Exposure Through Query Strings in GET Request" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ACTi D, B, I, and E series cameras", + "version": { + "version_data": [ + { + "version_value": "A1D-500-V6.11.31-AC" + } + ] + } + } + ] + }, + "vendor_name": "ACTi Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/Hfuhs/status/839252357221330944", - "refsource" : "MISC", - "url" : "https://twitter.com/Hfuhs/status/839252357221330944" - }, - { - "name" : "https://twitter.com/hack3rsca/status/839599437907386368", - "refsource" : "MISC", - "url" : "https://twitter.com/hack3rsca/status/839599437907386368" - }, - { - "name" : "VU#355151", - "refsource" : "CERT-VN", - "url" : 
"https://www.kb.cert.org/vuls/id/355151" - }, - { - "name" : "96720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96720/info" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-598: Information Exposure Through Query Strings in GET Request" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/hack3rsca/status/839599437907386368", + "refsource": "MISC", + "url": "https://twitter.com/hack3rsca/status/839599437907386368" + }, + { + "name": "96720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96720/info" + }, + { + "name": "https://twitter.com/Hfuhs/status/839252357221330944", + "refsource": "MISC", + "url": "https://twitter.com/Hfuhs/status/839252357221330944" + }, + { + "name": "VU#355151", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/355151" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3909.json b/2017/3xxx/CVE-2017-3909.json index ce2cb4323e3..3235d1e14f6 100644 --- a/2017/3xxx/CVE-2017-3909.json +++ b/2017/3xxx/CVE-2017-3909.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3909", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3909", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8316.json b/2017/8xxx/CVE-2017-8316.json index 8bd5ed58033..bfc0f815f2f 100644 --- a/2017/8xxx/CVE-2017-8316.json +++ b/2017/8xxx/CVE-2017-8316.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IntelliJ IDEA", - "version" : { - "version_data" : [ - { - "version_value" : "<173" - } - ] - } - } - ] - }, - "vendor_name" : "JetBrains" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XEE in XML parser" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IntelliJ IDEA", + "version": { + "version_data": [ + { + "version_value": "<173" + } + ] + } + } + ] + }, + "vendor_name": "JetBrains" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/", - "refsource" : "MISC", - "url" : "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/" - }, - { - "name" : "https://youtrack.jetbrains.com/issue/IDEA-175381", - "refsource" : "MISC", - "url" : "https://youtrack.jetbrains.com/issue/IDEA-175381" - }, - { - "name" : "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b", - "refsource" : "CONFIRM", - "url" : 
"http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XEE in XML parser" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b", + "refsource": "CONFIRM", + "url": "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b" + }, + { + "name": "https://youtrack.jetbrains.com/issue/IDEA-175381", + "refsource": "MISC", + "url": "https://youtrack.jetbrains.com/issue/IDEA-175381" + }, + { + "name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/", + "refsource": "MISC", + "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12608.json b/2018/12xxx/CVE-2018-12608.json index 619847df0b8..04e2d2cfa0a 100644 --- a/2018/12xxx/CVE-2018-12608.json +++ b/2018/12xxx/CVE-2018-12608.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/moby/moby/pull/33182", - "refsource" : "MISC", - "url" : "https://github.com/moby/moby/pull/33182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. 
This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/moby/moby/pull/33182", + "refsource": "MISC", + "url": "https://github.com/moby/moby/pull/33182" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12810.json b/2018/12xxx/CVE-2018-12810.json index f984b0cedc7..89d087af8c7 100644 --- a/2018/12xxx/CVE-2018-12810.json +++ b/2018/12xxx/CVE-2018-12810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "memory corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6", + "version": { + "version_data": [ + { + "version_value": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html" - }, - { - "name" : "105123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105123" - }, - { - "name" : "1041599", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041599" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105123" + }, + { + "name": "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html" + }, + { + "name": "1041599", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041599" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12925.json b/2018/12xxx/CVE-2018-12925.json index 1638e01eb53..420c0d1ed84 100644 --- a/2018/12xxx/CVE-2018-12925.json +++ b/2018/12xxx/CVE-2018-12925.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Baseon Lantronix MSS devices do not require a password for TELNET access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seebug.org/vuldb/ssvid-97375", - "refsource" : "MISC", - "url" : "https://www.seebug.org/vuldb/ssvid-97375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Baseon Lantronix MSS devices do not require a password for TELNET access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seebug.org/vuldb/ssvid-97375", + "refsource": "MISC", + "url": "https://www.seebug.org/vuldb/ssvid-97375" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12927.json b/2018/12xxx/CVE-2018-12927.json index c6fdda14383..7b19abad6ae 100644 
--- a/2018/12xxx/CVE-2018-12927.json +++ b/2018/12xxx/CVE-2018-12927.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seebug.org/vuldb/ssvid-97377", - "refsource" : "MISC", - "url" : "https://www.seebug.org/vuldb/ssvid-97377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seebug.org/vuldb/ssvid-97377", + "refsource": "MISC", + "url": "https://www.seebug.org/vuldb/ssvid-97377" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13100.json b/2018/13xxx/CVE-2018-13100.json index ebe2c7a9883..5eafed2653f 100644 --- a/2018/13xxx/CVE-2018-13100.json +++ b/2018/13xxx/CVE-2018-13100.json 
@@ -1,72 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200183", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200183" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d" - }, - { - "name" : "104679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104679" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200183", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200183" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13181.json b/2018/13xxx/CVE-2018-13181.json index d5b3badb12f..558869b82f4 100644 --- a/2018/13xxx/CVE-2018-13181.json +++ b/2018/13xxx/CVE-2018-13181.json 
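Review bot: The added MLIST entry at the end of `reference_data` lists its keys as `refsource`, `name`, `url`, while the three existing entries in the same array use `name`, `refsource`, `url`. Parsers do not care, but tooling that diffs or hashes these records as text will see needless churn. I would write the entry as `"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",` then `"refsource": "MLIST",` then the `"url"` line. The new side also ends with `\ No newline at end of file` where the old side ended with a newline, and the other files in this commit do the same. Restoring the trailing newline keeps the files friendly to line-based tools.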
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that 
allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13754.json b/2018/13xxx/CVE-2018-13754.json index 98b0332c958..e465f80ec9d 100644 --- a/2018/13xxx/CVE-2018-13754.json +++ b/2018/13xxx/CVE-2018-13754.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CryptosisToken, an 
Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13987.json b/2018/13xxx/CVE-2018-13987.json index 800bc2411ba..5c693bc5d37 100644 --- a/2018/13xxx/CVE-2018-13987.json +++ b/2018/13xxx/CVE-2018-13987.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16301.json b/2018/16xxx/CVE-2018-16301.json index 48a9a1cb973..0cd6ef3337c 100644 --- a/2018/16xxx/CVE-2018-16301.json +++ b/2018/16xxx/CVE-2018-16301.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16301", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16301", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16567.json b/2018/16xxx/CVE-2018-16567.json index 2a19ff616ba..029028966cf 100644 --- a/2018/16xxx/CVE-2018-16567.json +++ b/2018/16xxx/CVE-2018-16567.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16567", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16567", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16832.json b/2018/16xxx/CVE-2018-16832.json index 35daece6e40..0b17c143ec6 100644 --- a/2018/16xxx/CVE-2018-16832.json +++ b/2018/16xxx/CVE-2018-16832.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ysrc/xunfeng/issues/177", - "refsource" : "MISC", - "url" : "https://github.com/ysrc/xunfeng/issues/177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ysrc/xunfeng/issues/177", + "refsource": "MISC", + "url": "https://github.com/ysrc/xunfeng/issues/177" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17276.json b/2018/17xxx/CVE-2018-17276.json index a9f9a1397dd..8586aa2e0f8 100644 --- a/2018/17xxx/CVE-2018-17276.json +++ b/2018/17xxx/CVE-2018-17276.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17276", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17276", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17496.json b/2018/17xxx/CVE-2018-17496.json index 80b2dc68d65..96d612b3496 100644 --- a/2018/17xxx/CVE-2018-17496.json +++ b/2018/17xxx/CVE-2018-17496.json 
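Review bot: The rewritten CVE-2018-17276.json record emits its keys in a different order from every other record touched in this commit: `"data_type"`, `"data_format"`, `"data_version"` come before `"CVE_data_meta"`, and `"ID"` precedes `"ASSIGNER"`. JSON key order carries no meaning, so parsers are unaffected, but a formatting-only commit should produce one stable layout; otherwise consumers that diff or hash the raw files see churn unrelated to content. This looks like output from a second serializer (inferred from the layout only), so I would re-emit this record with the same ordering as its neighbours: `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`, followed by `"data_format"`, `"data_type"`, `"data_version"`.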
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17496", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17496", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17666.json b/2018/17xxx/CVE-2018-17666.json index dd1167100b4..868a5d496b6 100644 --- a/2018/17xxx/CVE-2018-17666.json +++ b/2018/17xxx/CVE-2018-17666.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17773.json b/2018/17xxx/CVE-2018-17773.json index c5f4c576778..cf02a8dc433 100644 --- a/2018/17xxx/CVE-2018-17773.json +++ b/2018/17xxx/CVE-2018-17773.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17773", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17868.json b/2018/17xxx/CVE-2018-17868.json index 3b0c3d8a670..4cd6522f8b5 100644 --- a/2018/17xxx/CVE-2018-17868.json 
+++ b/2018/17xxx/CVE-2018-17868.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DASAN H660GW devices have Stored XSS in the Port Forwarding functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", - "refsource" : "MISC", - "url" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DASAN H660GW devices have Stored XSS in the Port Forwarding functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", + "refsource": "MISC", + "url": "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" + } + ] + } +} \ No newline at end of file