From 5fb002027eb7b30b9837cc0a250bf2f13e6fa8c3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:18:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/1xxx/CVE-2003-1019.json | 34 ++--- 2004/0xxx/CVE-2004-0037.json | 170 +++++++++++------------ 2004/0xxx/CVE-2004-0131.json | 180 ++++++++++++------------- 2004/0xxx/CVE-2004-0300.json | 200 +++++++++++++-------------- 2004/0xxx/CVE-2004-0399.json | 170 +++++++++++------------ 2004/1xxx/CVE-2004-1179.json | 160 +++++++++++----------- 2004/1xxx/CVE-2004-1394.json | 180 ++++++++++++------------- 2004/1xxx/CVE-2004-1449.json | 130 +++++++++--------- 2004/1xxx/CVE-2004-1515.json | 120 ++++++++--------- 2004/1xxx/CVE-2004-1934.json | 170 +++++++++++------------ 2004/2xxx/CVE-2004-2018.json | 180 ++++++++++++------------- 2004/2xxx/CVE-2004-2146.json | 150 ++++++++++----------- 2004/2xxx/CVE-2004-2587.json | 150 ++++++++++----------- 2004/2xxx/CVE-2004-2606.json | 240 ++++++++++++++++----------------- 2008/2xxx/CVE-2008-2193.json | 150 ++++++++++----------- 2008/2xxx/CVE-2008-2587.json | 190 +++++++++++++------------- 2008/2xxx/CVE-2008-2709.json | 160 +++++++++++----------- 2008/2xxx/CVE-2008-2718.json | 200 +++++++++++++-------------- 2008/2xxx/CVE-2008-2902.json | 150 ++++++++++----------- 2008/2xxx/CVE-2008-2983.json | 130 +++++++++--------- 2008/3xxx/CVE-2008-3597.json | 160 +++++++++++----------- 2008/3xxx/CVE-2008-3876.json | 140 +++++++++---------- 2008/6xxx/CVE-2008-6251.json | 160 +++++++++++----------- 2008/6xxx/CVE-2008-6559.json | 160 +++++++++++----------- 2008/6xxx/CVE-2008-6648.json | 160 +++++++++++----------- 2008/6xxx/CVE-2008-6677.json | 150 ++++++++++----------- 2008/6xxx/CVE-2008-6690.json | 150 ++++++++++----------- 2008/7xxx/CVE-2008-7241.json | 130 +++++++++--------- 2012/5xxx/CVE-2012-5864.json | 160 +++++++++++----------- 2017/11xxx/CVE-2017-11050.json | 132 +++++++++--------- 2017/11xxx/CVE-2017-11331.json | 130 +++++++++--------- 2017/11xxx/CVE-2017-11353.json | 130 +++++++++--------- 2017/11xxx/CVE-2017-11890.json | 152 ++++++++++----------- 2017/14xxx/CVE-2017-14203.json | 34 ++--- 2017/14xxx/CVE-2017-14543.json | 120 ++++++++--------- 2017/14xxx/CVE-2017-14672.json | 34 ++--- 2017/14xxx/CVE-2017-14896.json | 122 ++++++++--------- 2017/15xxx/CVE-2017-15190.json | 160 +++++++++++----------- 2017/15xxx/CVE-2017-15306.json | 160 +++++++++++----------- 2017/15xxx/CVE-2017-15773.json | 120 ++++++++--------- 2017/8xxx/CVE-2017-8192.json | 122 ++++++++--------- 2017/8xxx/CVE-2017-8958.json | 132 +++++++++--------- 2018/12xxx/CVE-2018-12077.json | 34 ++--- 2018/12xxx/CVE-2018-12227.json | 160 +++++++++++----------- 2018/12xxx/CVE-2018-12239.json | 148 ++++++++++---------- 2018/12xxx/CVE-2018-12434.json | 140 +++++++++---------- 2018/12xxx/CVE-2018-12884.json | 120 ++++++++--------- 2018/13xxx/CVE-2018-13197.json | 130 +++++++++--------- 2018/13xxx/CVE-2018-13228.json | 130 +++++++++--------- 2018/13xxx/CVE-2018-13244.json | 34 ++--- 2018/13xxx/CVE-2018-13645.json | 130 +++++++++--------- 2018/13xxx/CVE-2018-13998.json | 120 ++++++++--------- 2018/16xxx/CVE-2018-16001.json | 130 +++++++++--------- 2018/16xxx/CVE-2018-16221.json | 34 ++--- 2018/16xxx/CVE-2018-16415.json | 34 ++--- 2018/16xxx/CVE-2018-16443.json | 34 ++--- 2018/16xxx/CVE-2018-16452.json | 34 ++--- 2018/16xxx/CVE-2018-16948.json | 140 +++++++++---------- 2018/17xxx/CVE-2018-17132.json | 120 ++++++++--------- 2018/4xxx/CVE-2018-4530.json | 34 ++--- 2018/4xxx/CVE-2018-4544.json | 34 ++--- 2018/4xxx/CVE-2018-4889.json | 140 +++++++++---------- 62 files changed, 4006 insertions(+), 4006 deletions(-) diff --git a/2003/1xxx/CVE-2003-1019.json b/2003/1xxx/CVE-2003-1019.json index 87e1e025e42..dbdfdb054e8 100644 --- a/2003/1xxx/CVE-2003-1019.json +++ b/2003/1xxx/CVE-2003-1019.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1019", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1019", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0037.json b/2004/0xxx/CVE-2004-0037.json index d0ac83cd23d..25687987599 100644 --- a/2004/0xxx/CVE-2004-0037.json +++ b/2004/0xxx/CVE-2004-0037.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040105 FirstClass Client 7.1: Command Execution via Email Web Link", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107340950611167&w=2" - }, - { - "name" : "9370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9370" - }, - { - "name" : "3442", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3442" - }, - { - "name" : "1008609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008609" - }, - { - "name" : "10556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10556" - }, - { - "name" : "firstclassclient-execute-code(14151)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10556" + }, + { + "name": "firstclassclient-execute-code(14151)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14151" + }, + { + "name": "3442", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3442" + }, + { + "name": "9370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9370" + }, + { + "name": "20040105 FirstClass Client 7.1: Command Execution via Email Web Link", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107340950611167&w=2" + }, + { + "name": "1008609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008609" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0131.json b/2004/0xxx/CVE-2004-0131.json index dad2e7bbd27..74f828ab43a 100644 --- a/2004/0xxx/CVE-2004-0131.json +++ b/2004/0xxx/CVE-2004-0131.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040204 GNU Radius Remote Denial of Service Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz" - }, - { - "name" : "VU#277396", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/277396" - }, - { - "name" : "9578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9578" - }, - { - "name" : "3824", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3824" - }, - { - "name" : "10799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10799" - }, - { - "name" : "radius-radprintrequest-dos(15046)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040204 GNU Radius Remote Denial of Service Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true" + }, + { + "name": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz", + "refsource": "CONFIRM", + "url": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz" + }, + { + "name": "VU#277396", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/277396" + }, + { + "name": "3824", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3824" + }, + { + "name": "radius-radprintrequest-dos(15046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046" + }, + { + "name": "9578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9578" + }, + { + "name": "10799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10799" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0300.json b/2004/0xxx/CVE-2004-0300.json index 21c9fd0554d..9b0bcdc127e 100644 --- a/2004/0xxx/CVE-2004-0300.json +++ b/2004/0xxx/CVE-2004-0300.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040218 ZH2004-07SA (security advisory): Multiple Sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107712117913185&w=2" - }, - { - "name" : "http://www.zone-h.org/en/advisories/read/id=3972/", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/en/advisories/read/id=3972/" - }, - { - "name" : "http://www.systemsecure.org/advisories/ssadvisory16022004.php", - "refsource" : "MISC", - "url" : "http://www.systemsecure.org/advisories/ssadvisory16022004.php" - }, - { - "name" : "3973", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3973" - }, - { - "name" : "1009092", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/Feb/1009092.html" - }, - { - "name" : "10902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10902/" - }, - { - "name" : "onlinestorekit-more-sql-injection(15232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15232" - }, - { - "name" : "9676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9676" - }, - { - "name" : "9687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9676" + }, + { + "name": "9687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9687" + }, + { + "name": "3973", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3973" + }, + { + "name": "20040218 ZH2004-07SA (security advisory): Multiple Sql injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107712117913185&w=2" + }, + { + "name": "http://www.zone-h.org/en/advisories/read/id=3972/", + "refsource": "MISC", + "url": "http://www.zone-h.org/en/advisories/read/id=3972/" + }, + { + "name": "1009092", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/Feb/1009092.html" + }, + { + "name": "10902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10902/" + }, + { + "name": "http://www.systemsecure.org/advisories/ssadvisory16022004.php", + "refsource": "MISC", + "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php" + }, + { + "name": "onlinestorekit-more-sql-injection(15232)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15232" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0399.json b/2004/0xxx/CVE-2004-0399.json index 876b11170a6..12920d24d09 100644 --- a/2004/0xxx/CVE-2004-0399.json +++ b/2004/0xxx/CVE-2004-0399.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040506 Buffer overflows in exim, yet still exim much better than windows", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html" - }, - { - "name" : "http://www.guninski.com/exim1.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/exim1.html" - }, - { - "name" : "DSA-501", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-501" - }, - { - "name" : "DSA-502", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-502" - }, - { - "name" : "11558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11558" - }, - { - "name" : "exim-requireverify-bo(16079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-502", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-502" + }, + { + "name": "DSA-501", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-501" + }, + { + "name": "20040506 Buffer overflows in exim, yet still exim much better than windows", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html" + }, + { + "name": "11558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11558" + }, + { + "name": "exim-requireverify-bo(16079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16079" + }, + { + "name": "http://www.guninski.com/exim1.html", + "refsource": "MISC", + "url": "http://www.guninski.com/exim1.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1179.json b/2004/1xxx/CVE-2004-1179.json index 5e31f976686..315a476a4b1 100644 --- a/2004/1xxx/CVE-2004-1179.json +++ b/2004/1xxx/CVE-2004-1179.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-615" - }, - { - "name" : "20041223 [USN-49-1] debmake vulnerability", - "refsource" : "FULLDISC", - "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-12/0645.html" - }, - { - "name" : "13633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13633/" - }, - { - "name" : "12078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12078" - }, - { - "name" : "debmake-debstd-symlink(18646)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12078" + }, + { + "name": "20041223 [USN-49-1] debmake vulnerability", + "refsource": "FULLDISC", + "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-12/0645.html" + }, + { + "name": "DSA-615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-615" + }, + { + "name": "13633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13633/" + }, + { + "name": "debmake-debstd-symlink(18646)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18646" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1394.json b/2004/1xxx/CVE-2004-1394.json index a5bcc68f8f3..99e50df17ca 100644 --- a/2004/1xxx/CVE-2004-1394.json +++ b/2004/1xxx/CVE-2004-1394.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57453", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57453-1" - }, - { - "name" : "ESB-2004.0079", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=3800" - }, - { - "name" : "1008893", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008893" - }, - { - "name" : "10755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10755/" - }, - { - "name" : "3764", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3764" - }, - { - "name" : "solaris-pfexec-gain-privileges(14988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14988" - }, - { - "name" : "9534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-pfexec-gain-privileges(14988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14988" + }, + { + "name": "57453", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57453-1" + }, + { + "name": "ESB-2004.0079", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=3800" + }, + { + "name": "10755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10755/" + }, + { + "name": "1008893", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008893" + }, + { + "name": "3764", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3764" + }, + { + "name": "9534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9534" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1449.json b/2004/1xxx/CVE-2004-1449.json index 49b6098ff8c..9525e828d48 100644 --- a/2004/1xxx/CVE-2004-1449.json +++ b/2004/1xxx/CVE-2004-1449.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" - }, - { - "name" : "MDKSA-2004:082", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" + }, + { + "name": "MDKSA-2004:082", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1515.json b/2004/1xxx/CVE-2004-1515.json index f7fc241a372..90ae387808d 100644 --- a/2004/1xxx/CVE-2004-1515.json +++ b/2004/1xxx/CVE-2004-1515.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041111 SQL injection in vBulletin forums (last10.php)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110019198507100&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041111 SQL injection in vBulletin forums (last10.php)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110019198507100&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1934.json b/2004/1xxx/CVE-2004-1934.json index e3a46212d2d..4b072d2f574 100644 --- a/2004/1xxx/CVE-2004-1934.json +++ b/2004/1xxx/CVE-2004-1934.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040415 Include vulnerability in GEMITEL v 3.50", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108206642725505&w=2" - }, - { - "name" : "10156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10156" - }, - { - "name" : "5396", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5396" - }, - { - "name" : "1009824", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009824" - }, - { - "name" : "11393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11393" - }, - { - "name" : "gemitel-spturnphpfile-include(15887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5396", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5396" + }, + { + "name": "11393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11393" + }, + { + "name": "10156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10156" + }, + { + "name": "20040415 Include vulnerability in GEMITEL v 3.50", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108206642725505&w=2" + }, + { + "name": "1009824", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009824" + }, + { + "name": "gemitel-spturnphpfile-include(15887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15887" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2018.json b/2004/2xxx/CVE-2004-2018.json index d726a4bb518..33c4f4ed476 100644 --- a/2004/2xxx/CVE-2004-2018.json +++ b/2004/2xxx/CVE-2004-2018.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108482888621896&w=2" - }, - { - "name" : "20040517 [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3]", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0870.html" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=29", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=29" - }, - { - "name" : "10365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10365" - }, - { - "name" : "6222", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6222" - }, - { - "name" : "11625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11625" - }, - { - "name" : "phpnuke-modpath-file-include(16218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=29", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=29" + }, + { + "name": "6222", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6222" + }, + { + "name": "20040517 [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3]", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0870.html" + }, + { + "name": "phpnuke-modpath-file-include(16218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16218" + }, + { + "name": "11625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11625" + }, + { + "name": "20040517 [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108482888621896&w=2" + }, + { + "name": "10365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10365" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2146.json b/2004/2xxx/CVE-2004-2146.json index 9385177935c..52d2f028af1 100644 --- a/2004/2xxx/CVE-2004-2146.json +++ b/2004/2xxx/CVE-2004-2146.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040926 HTTP Response Splitting and SQL injection in megabbs forum", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0962.html" - }, - { - "name" : "20040926 Re: HTTP Response Splitting and SQL injection in megabbs forum", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109631200701134&w=2" - }, - { - "name" : "http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924", - "refsource" : "CONFIRM", - "url" : "http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924" - }, - { - "name" : "megabbs-response-splitting(17495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040926 Re: HTTP Response Splitting and SQL injection in megabbs forum", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109631200701134&w=2" + }, + { + "name": "megabbs-response-splitting(17495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17495" + }, + { + "name": "http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924", + "refsource": "CONFIRM", + "url": "http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924" + }, + { + "name": "20040926 HTTP Response Splitting and SQL injection in megabbs forum", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0962.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2587.json b/2004/2xxx/CVE-2004-2587.json index 1f434b323da..48fad71730e 100644 --- a/2004/2xxx/CVE-2004-2587.json +++ b/2004/2xxx/CVE-2004-2587.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=4098", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=4098" - }, - { - "name" : "11042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11042" - }, - { - "name" : "smartermail-login-dos(15390)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zone-h.org/advisories/read/id=4098", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=4098" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt" + }, + { + "name": "smartermail-login-dos(15390)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15390" + }, + { + "name": "11042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11042" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2606.json b/2004/2xxx/CVE-2004-2606.json index c05f25d3f0f..1d3ad15f9dc 100644 --- a/2004/2xxx/CVE-2004-2606.json +++ b/2004/2xxx/CVE-2004-2606.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040531 LinkSys WRT54G administration page availble to WAN", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html" - }, - { - "name" : "20040601 Re: LinkSys WRT54G administration page availble to WAN", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html" - }, - { - "name" : "20040602 Additional information on WRT54G administration page", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html" - }, - { - "name" : "20040604 The Linksys WRT54G \"security problem\" doesn't exist", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/365175" - }, - { - "name" : "20040602 Re: The Linksys WRT54G \"security problem\" doesn't exist", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html" - }, - { - "name" : "20040604 RE: The Linksys WRT54G \"security problem\" doesn't exist", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/365227/30/0/threaded" - }, - { - "name" : "http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201", - "refsource" : "MISC", - "url" : "http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201" - }, - { - "name" : "http://www.nwfusion.com/news/2004/0607confuse.html", - "refsource" : "MISC", - "url" : "http://www.nwfusion.com/news/2004/0607confuse.html" - }, - { - "name" : "ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip" - }, - { - "name" : "10441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10441" - }, - { - "name" : "6577", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6577" - }, - { - "name" : "11754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11754" - }, - { - "name" : "linksys-remote-bypass-security(16274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip", + "refsource": "CONFIRM", + "url": "ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip" + }, + { + "name": "http://www.nwfusion.com/news/2004/0607confuse.html", + "refsource": "MISC", + "url": "http://www.nwfusion.com/news/2004/0607confuse.html" + }, + { + "name": "20040604 The Linksys WRT54G \"security problem\" doesn't exist", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/365175" + }, + { + "name": "11754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11754" + }, + { + "name": "20040602 Additional information on WRT54G administration page", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html" + }, + { + "name": "20040531 LinkSys WRT54G administration page availble to WAN", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html" + }, + { + "name": "20040604 RE: The Linksys WRT54G \"security problem\" doesn't exist", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/365227/30/0/threaded" + }, + { + "name": "6577", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6577" + }, + { + "name": "10441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10441" + }, + { + "name": "20040601 Re: LinkSys WRT54G administration page availble to WAN", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html" + }, + { + "name": "http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201", + "refsource": "MISC", + "url": "http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201" + }, + { + "name": "linksys-remote-bypass-security(16274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16274" + }, + { + "name": "20040602 Re: The Linksys WRT54G \"security problem\" doesn't exist", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2193.json b/2008/2xxx/CVE-2008-2193.json index 617d1f4a28b..f8e909d918b 100644 --- a/2008/2xxx/CVE-2008-2193.json +++ b/2008/2xxx/CVE-2008-2193.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5539", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5539" - }, - { - "name" : "29041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29041" - }, - { - "name" : "ADV-2008-1430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1430/references" - }, - { - "name" : "scorpnews-example-file-include(42517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "scorpnews-example-file-include(42517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42517" + }, + { + "name": "29041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29041" + }, + { + "name": "5539", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5539" + }, + { + "name": "ADV-2008-1430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1430/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2587.json b/2008/2xxx/CVE-2008-2587.json index a5586d3e525..204c512659e 100644 --- a/2008/2xxx/CVE-2008-2587.json +++ b/2008/2xxx/CVE-2008-2587.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020499", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020499" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "1020499", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020499" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2709.json b/2008/2xxx/CVE-2008-2709.json index 9e496cc2208..b572a7f3195 100644 --- a/2008/2xxx/CVE-2008-2709.json +++ b/2008/2xxx/CVE-2008-2709.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MA36741", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64" - }, - { - "name" : "29660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29660" - }, - { - "name" : "ADV-2008-1799", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1799" - }, - { - "name" : "30554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30554" - }, - { - "name" : "os400-brsmrcvandcheck-bo(42984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30554" + }, + { + "name": "MA36741", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64" + }, + { + "name": "ADV-2008-1799", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1799" + }, + { + "name": "29660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29660" + }, + { + "name": "os400-brsmrcvandcheck-bo(42984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2718.json b/2008/2xxx/CVE-2008-2718.json index e71fe7e7ccc..7ccfe847bed 100644 --- a/2008/2xxx/CVE-2008-2718.json +++ b/2008/2xxx/CVE-2008-2718.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493270/100/0/threaded" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" - }, - { - "name" : "DSA-1596", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1596" - }, - { - "name" : "29657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29657" - }, - { - "name" : "ADV-2008-1802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1802" - }, - { - "name" : "30619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30619" - }, - { - "name" : "30660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30660" - }, - { - "name" : "3945", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3945" - }, - { - "name" : "typo3-feadminlibinc-xss(42986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-feadminlibinc-xss(42986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986" + }, + { + "name": "29657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29657" + }, + { + "name": "30619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30619" + }, + { + "name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded" + }, + { + "name": "DSA-1596", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1596" + }, + { + "name": "ADV-2008-1802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1802" + }, + { + "name": "30660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30660" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" + }, + { + "name": "3945", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3945" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2902.json b/2008/2xxx/CVE-2008-2902.json index 76187f28ce1..287293a255f 100644 --- a/2008/2xxx/CVE-2008-2902.json +++ b/2008/2xxx/CVE-2008-2902.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5821", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5821" - }, - { - "name" : "29732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29732" - }, - { - "name" : "30672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30672" - }, - { - "name" : "askmepro-profile-sql-injection(43106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30672" + }, + { + "name": "29732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29732" + }, + { + "name": "5821", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5821" + }, + { + "name": "askmepro-profile-sql-injection(43106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43106" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2983.json b/2008/2xxx/CVE-2008-2983.json index 0278738d630..df5ae714f48 100644 --- a/2008/2xxx/CVE-2008-2983.json +++ b/2008/2xxx/CVE-2008-2983.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5914", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5914" - }, - { - "name" : "demo4cms-index-sql-injection(43291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "demo4cms-index-sql-injection(43291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43291" + }, + { + "name": "5914", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5914" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3597.json b/2008/3xxx/CVE-2008-3597.json index add2add8860..d65305d6ba6 100644 --- a/2008/3xxx/CVE-2008-3597.json +++ b/2008/3xxx/CVE-2008-3597.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a \"command 29\" packet when the player is not in the game." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/skulltagod-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/skulltagod-adv.txt" - }, - { - "name" : "http://skulltag.com/forum/viewtopic.php?f=1&t=14716", - "refsource" : "CONFIRM", - "url" : "http://skulltag.com/forum/viewtopic.php?f=1&t=14716" - }, - { - "name" : "ADV-2008-2325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2325" - }, - { - "name" : "31427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31427" - }, - { - "name" : "skulltag-command29-dos(44363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a \"command 29\" packet when the player is not in the game." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31427" + }, + { + "name": "skulltag-command29-dos(44363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44363" + }, + { + "name": "ADV-2008-2325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2325" + }, + { + "name": "http://aluigi.altervista.org/adv/skulltagod-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/skulltagod-adv.txt" + }, + { + "name": "http://skulltag.com/forum/viewtopic.php?f=1&t=14716", + "refsource": "CONFIRM", + "url": "http://skulltag.com/forum/viewtopic.php?f=1&t=14716" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3876.json b/2008/3xxx/CVE-2008-3876.json index ed376afb898..1d903c682e6 100644 --- a/2008/3xxx/CVE-2008-3876.json +++ b/2008/3xxx/CVE-2008-3876.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.macrumors.com/showpost.php?p=6121914&postcount=118", - "refsource" : "MISC", - "url" : "http://forums.macrumors.com/showpost.php?p=6121914&postcount=118" - }, - { - "name" : "http://forums.macrumors.com/showthread.php?t=551617", - "refsource" : "MISC", - "url" : "http://forums.macrumors.com/showthread.php?t=551617" - }, - { - "name" : "1020763", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.macrumors.com/showpost.php?p=6121914&postcount=118", + "refsource": "MISC", + "url": "http://forums.macrumors.com/showpost.php?p=6121914&postcount=118" + }, + { + "name": "http://forums.macrumors.com/showthread.php?t=551617", + "refsource": "MISC", + "url": "http://forums.macrumors.com/showthread.php?t=551617" + }, + { + "name": "1020763", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020763" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6251.json b/2008/6xxx/CVE-2008-6251.json index a1de8817c9f..04f5ecb2371 100644 --- a/2008/6xxx/CVE-2008-6251.json +++ b/2008/6xxx/CVE-2008-6251.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7143", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7143" - }, - { - "name" : "http://scripts.ishallnotcare.org/2008/11/18/phpfan-335-security-release-important/", - "refsource" : "CONFIRM", - "url" : "http://scripts.ishallnotcare.org/2008/11/18/phpfan-335-security-release-important/" - }, - { - "name" : "32335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32335" - }, - { - "name" : "32734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32734" - }, - { - "name" : "phpfan-init-file-include(46665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32335" + }, + { + "name": "phpfan-init-file-include(46665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46665" + }, + { + "name": "http://scripts.ishallnotcare.org/2008/11/18/phpfan-335-security-release-important/", + "refsource": "CONFIRM", + "url": "http://scripts.ishallnotcare.org/2008/11/18/phpfan-335-security-release-important/" + }, + { + "name": "7143", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7143" + }, + { + "name": "32734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32734" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6559.json b/2008/6xxx/CVE-2008-6559.json index d950ad939f4..5595c5c59ae 100644 --- a/2008/6xxx/CVE-2008-6559.json +++ b/2008/6xxx/CVE-2008-6559.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5357", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5357" - }, - { - "name" : "SCOSA-2008.3", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/unixware7/714/security/p534850/p534850.txt" - }, - { - "name" : "28625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28625" - }, - { - "name" : "51234", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/51234" - }, - { - "name" : "30921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28625" + }, + { + "name": "SCOSA-2008.3", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534850/p534850.txt" + }, + { + "name": "30921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30921" + }, + { + "name": "51234", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/51234" + }, + { + "name": "5357", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5357" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6648.json b/2008/6xxx/CVE-2008-6648.json index bdffe0be56c..3305ef7bc6a 100644 --- a/2008/6xxx/CVE-2008-6648.json +++ b/2008/6xxx/CVE-2008-6648.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5582", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5582" - }, - { - "name" : "29136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29136" - }, - { - "name" : "45141", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45141" - }, - { - "name" : "30194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30194" - }, - { - "name" : "photostore-aboutus-sql-injection(42317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5582", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5582" + }, + { + "name": "30194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30194" + }, + { + "name": "29136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29136" + }, + { + "name": "45141", + "refsource": "OSVDB", + "url": "http://osvdb.org/45141" + }, + { + "name": "photostore-aboutus-sql-injection(42317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42317" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6677.json b/2008/6xxx/CVE-2008-6677.json index 58b9afe1adf..dc30f2d64ff 100644 --- a/2008/6xxx/CVE-2008-6677.json +++ b/2008/6xxx/CVE-2008-6677.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugreport.ir/39/exploit.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/39/exploit.htm" - }, - { - "name" : "http://www.bugreport.ir/index_39.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_39.htm" - }, - { - "name" : "29524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29524" - }, - { - "name" : "30501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugreport.ir/39/exploit.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/39/exploit.htm" + }, + { + "name": "http://www.bugreport.ir/index_39.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_39.htm" + }, + { + "name": "30501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30501" + }, + { + "name": "29524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29524" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6690.json b/2008/6xxx/CVE-2008-6690.json index 747b46dae26..177d76a7f79 100644 --- a/2008/6xxx/CVE-2008-6690.json +++ b/2008/6xxx/CVE-2008-6690.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" - }, - { - "name" : "29833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29833" - }, - { - "name" : "46387", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46387" - }, - { - "name" : "ndantispam-unspecified-security-bypass(43205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46387", + "refsource": "OSVDB", + "url": "http://osvdb.org/46387" + }, + { + "name": "ndantispam-unspecified-security-bypass(43205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205" + }, + { + "name": "29833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29833" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7241.json b/2008/7xxx/CVE-2008-7241.json index 4cfd63224ca..028b6c8aa59 100644 --- a/2008/7xxx/CVE-2008-7241.json +++ b/2008/7xxx/CVE-2008-7241.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt" - }, - { - "name" : "48685", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48685", + "refsource": "OSVDB", + "url": "http://osvdb.org/48685" + }, + { + "name": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5864.json b/2012/5xxx/CVE-2012-5864.json index cc1871440e9..59c20881e12 100644 --- a/2012/5xxx/CVE-2012-5864.json +++ b/2012/5xxx/CVE-2012-5864.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-5864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html" - }, - { - "name" : "21273", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/21273/" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf" - }, - { - "name" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", - "refsource" : "CONFIRM", - "url" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88" - }, - { - "name" : "sinapsi-sec-bypass(80203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21273", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/21273/" + }, + { + "name": "sinapsi-sec-bypass(80203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80203" + }, + { + "name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf" + }, + { + "name": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", + "refsource": "CONFIRM", + "url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11050.json b/2017/11xxx/CVE-2017-11050.json index 66aa19ce938..37326de2887 100644 --- a/2017/11xxx/CVE-2017-11050.json +++ b/2017/11xxx/CVE-2017-11050.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11331.json b/2017/11xxx/CVE-2017-11331.json index b7da75fbab5..177c7552e9c 100644 --- a/2017/11xxx/CVE-2017-11331.json +++ b/2017/11xxx/CVE-2017-11331.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42397", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42397/" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/80", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/80" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42397", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42397/" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/80", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/80" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11353.json b/2017/11xxx/CVE-2017-11353.json index 50a75d23e89..4d4ef25751f 100644 --- a/2017/11xxx/CVE-2017-11353.json +++ b/2017/11xxx/CVE-2017-11353.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/868300", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/868300" - }, - { - "name" : "https://github.com/TheLocehiliosan/yadm/issues/74", - "refsource" : "CONFIRM", - "url" : "https://github.com/TheLocehiliosan/yadm/issues/74" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TheLocehiliosan/yadm/issues/74", + "refsource": "CONFIRM", + "url": "https://github.com/TheLocehiliosan/yadm/issues/74" + }, + { + "name": "https://bugs.debian.org/868300", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/868300" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11890.json b/2017/11xxx/CVE-2017-11890.json index a965510d07c..b93ec9123b5 100644 --- a/2017/11xxx/CVE-2017-11890.json +++ b/2017/11xxx/CVE-2017-11890.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43369", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43369/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890" - }, - { - "name" : "102082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102082" - }, - { - "name" : "1039991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102082" + }, + { + "name": "1039991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039991" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890" + }, + { + "name": "43369", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43369/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14203.json b/2017/14xxx/CVE-2017-14203.json index 15596906941..7f450f275db 100644 --- a/2017/14xxx/CVE-2017-14203.json +++ b/2017/14xxx/CVE-2017-14203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14543.json b/2017/14xxx/CVE-2017-14543.json index e250b3a4ffb..c9c454ba828 100644 --- a/2017/14xxx/CVE-2017-14543.json +++ b/2017/14xxx/CVE-2017-14543.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to \"Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14543", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to \"Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14543", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14543" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14672.json b/2017/14xxx/CVE-2017-14672.json index 51cf306ac24..cc7d804afea 100644 --- a/2017/14xxx/CVE-2017-14672.json +++ b/2017/14xxx/CVE-2017-14672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14672", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14672", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14896.json b/2017/14xxx/CVE-2017-14896.json index fbe33259007..403949c9492 100644 --- a/2017/14xxx/CVE-2017-14896.json +++ b/2017/14xxx/CVE-2017-14896.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-14896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow leading to kernel memory write in gud driver" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-14896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow leading to kernel memory write in gud driver" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15190.json b/2017/15xxx/CVE-2017-15190.json index 2a5c5e7ca4d..c288641dafe 100644 --- a/2017/15xxx/CVE-2017-15190.json +++ b/2017/15xxx/CVE-2017-15190.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077" - }, - { - "name" : "https://code.wireshark.org/review/23635", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/23635" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-45.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-45.html" - }, - { - "name" : "101229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-45.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-45.html" + }, + { + "name": "https://code.wireshark.org/review/23635", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/23635" + }, + { + "name": "101229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101229" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15306.json b/2017/15xxx/CVE-2017-15306.json index 3180ec4cf8c..226609ae1a5 100644 --- a/2017/15xxx/CVE-2017-15306.json +++ b/2017/15xxx/CVE-2017-15306.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/11/06/6", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/11/06/6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11", - "refsource" : "MISC", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0" - }, - { - "name" : "101693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101693" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11", + "refsource": "MISC", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11" + }, + { + "name": "https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/11/06/6", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/11/06/6" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15773.json b/2017/15xxx/CVE-2017-15773.json index 5d94e958618..c112b365754 100644 --- a/2017/15xxx/CVE-2017-15773.json +++ b/2017/15xxx/CVE-2017-15773.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285d79.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285d79.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8192.json b/2017/8xxx/CVE-2017-8192.json index 69fea6fb54f..581cf17e12d 100644 --- a/2017/8xxx/CVE-2017-8192.json +++ b/2017/8xxx/CVE-2017-8192.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere OpenStack", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere OpenStack", + "version": { + "version_data": [ + { + "version_value": "V100R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8958.json b/2017/8xxx/CVE-2017-8958.json index ad4697f94ca..527ed20afd9 100644 --- a/2017/8xxx/CVE-2017-8958.json +++ b/2017/8xxx/CVE-2017-8958.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-05T00:00:00", - "ID" : "CVE-2017-8958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "7.3 E0504P04 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-05T00:00:00", + "ID": "CVE-2017-8958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "7.3 E0504P04 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03786en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03786en_us" - }, - { - "name" : "101202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101202" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03786en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03786en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12077.json b/2018/12xxx/CVE-2018-12077.json index edfdfb3d6f5..bba17689b3b 100644 --- a/2018/12xxx/CVE-2018-12077.json +++ b/2018/12xxx/CVE-2018-12077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12227.json b/2018/12xxx/CVE-2018-12227.json index 8acc1ffa5d7..c8721a8c821 100644 --- a/2018/12xxx/CVE-2018-12227.json +++ b/2018/12xxx/CVE-2018-12227.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2018-008.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2018-008.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-27818", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27818" - }, - { - "name" : "DSA-4320", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4320" - }, - { - "name" : "GLSA-201811-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-11" - }, - { - "name" : "104455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4320", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4320" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27818", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2018-008.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html" + }, + { + "name": "104455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104455" + }, + { + "name": "GLSA-201811-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-11" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12239.json b/2018/12xxx/CVE-2018-12239.json index 649d8ccb226..68630ac3683 100644 --- a/2018/12xxx/CVE-2018-12239.json +++ b/2018/12xxx/CVE-2018-12239.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "ID" : "CVE-2018-12239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud)", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 22.15 [Norton]" - }, - { - "version_value" : "Prior to 12.1.7454.7000 & 14.2 [Symantec Endpoint Protection (SEP)]" - }, - { - "version_value" : "Prior to NIS-22.15.1.8 & SEP-12.1.7454.7000 [Symantec Endpoint Protection Small Business Edition (SEP SBE)]" - }, - { - "version_value" : "Prior to 22.15.1 [Symantec Endpoint Protection Cloud (SEP Cloud)]" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "AV Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2018-12239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud)", + "version": { + "version_data": [ + { + "version_value": "Prior to 22.15 [Norton]" + }, + { + "version_value": "Prior to 12.1.7454.7000 & 14.2 [Symantec Endpoint Protection (SEP)]" + }, + { + "version_value": "Prior to NIS-22.15.1.8 & SEP-12.1.7454.7000 [Symantec Endpoint Protection Small Business Edition (SEP SBE)]" + }, + { + "version_value": "Prior to 22.15.1 [Symantec Endpoint Protection Cloud (SEP Cloud)]" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html", - "refsource" : "CONFIRM", - "url" : "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html" - }, - { - "name" : "105918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "AV Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105918" + }, + { + "name": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html", + "refsource": "CONFIRM", + "url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12434.json b/2018/12xxx/CVE-2018-12434.json index 9a8d3560f50..a3ef0481a75 100644 --- a/2018/12xxx/CVE-2018-12434.json +++ b/2018/12xxx/CVE-2018-12434.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt", - "refsource" : "MISC", - "url" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt" - }, - { - "name" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt", - "refsource" : "MISC", - "url" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt" - }, - { - "name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt", + "refsource": "MISC", + "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt" + }, + { + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" + }, + { + "name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt", + "refsource": "MISC", + "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12884.json b/2018/12xxx/CVE-2018-12884.json index ff6783658ac..1278a13ebc9 100644 --- a/2018/12xxx/CVE-2018-12884.json +++ b/2018/12xxx/CVE-2018-12884.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OctopusDeploy/Issues/issues/4674", - "refsource" : "MISC", - "url" : "https://github.com/OctopusDeploy/Issues/issues/4674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OctopusDeploy/Issues/issues/4674", + "refsource": "MISC", + "url": "https://github.com/OctopusDeploy/Issues/issues/4674" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13197.json b/2018/13xxx/CVE-2018-13197.json index 809b70aa30e..e2fb9f2c7b0 100644 --- a/2018/13xxx/CVE-2018-13197.json +++ b/2018/13xxx/CVE-2018-13197.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13228.json b/2018/13xxx/CVE-2018-13228.json index ab3e66678e0..d97026b447d 100644 --- a/2018/13xxx/CVE-2018-13228.json +++ b/2018/13xxx/CVE-2018-13228.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13244.json b/2018/13xxx/CVE-2018-13244.json index d1481ac2590..e2bdcc241c9 100644 --- a/2018/13xxx/CVE-2018-13244.json +++ b/2018/13xxx/CVE-2018-13244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13645.json b/2018/13xxx/CVE-2018-13645.json index 31b668b66e8..2796837dbbd 100644 --- a/2018/13xxx/CVE-2018-13645.json +++ b/2018/13xxx/CVE-2018-13645.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Fiocoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Fiocoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Fiocoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Fiocoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13998.json b/2018/13xxx/CVE-2018-13998.json index db2f6c90f6c..93723da8594 100644 --- a/2018/13xxx/CVE-2018-13998.json +++ b/2018/13xxx/CVE-2018-13998.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ClipperCMS/ClipperCMS/issues/491", - "refsource" : "MISC", - "url" : "https://github.com/ClipperCMS/ClipperCMS/issues/491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ClipperCMS/ClipperCMS/issues/491", + "refsource": "MISC", + "url": "https://github.com/ClipperCMS/ClipperCMS/issues/491" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16001.json b/2018/16xxx/CVE-2018-16001.json index 639e4b45d5b..84ced54f502 100644 --- a/2018/16xxx/CVE-2018-16001.json +++ b/2018/16xxx/CVE-2018-16001.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16221.json b/2018/16xxx/CVE-2018-16221.json index bd675069747..25808182fee 100644 --- a/2018/16xxx/CVE-2018-16221.json +++ b/2018/16xxx/CVE-2018-16221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16415.json b/2018/16xxx/CVE-2018-16415.json index 8b4710cf290..743846f29ba 100644 --- a/2018/16xxx/CVE-2018-16415.json +++ b/2018/16xxx/CVE-2018-16415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16443.json b/2018/16xxx/CVE-2018-16443.json index 7f952ff0058..6eba3c66fa8 100644 --- a/2018/16xxx/CVE-2018-16443.json +++ b/2018/16xxx/CVE-2018-16443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16452.json b/2018/16xxx/CVE-2018-16452.json index 9372d6a091d..cc9be11faf4 100644 --- a/2018/16xxx/CVE-2018-16452.json +++ b/2018/16xxx/CVE-2018-16452.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16452", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16452", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16948.json b/2018/16xxx/CVE-2018-16948.json index 42348cb3df0..10e7029ba1d 100644 --- a/2018/16xxx/CVE-2018-16948.json +++ b/2018/16xxx/CVE-2018-16948.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html" - }, - { - "name" : "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt", - "refsource" : "CONFIRM", - "url" : "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt" - }, - { - "name" : "DSA-4302", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html" + }, + { + "name": "DSA-4302", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4302" + }, + { + "name": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt", + "refsource": "CONFIRM", + "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17132.json b/2018/17xxx/CVE-2018-17132.json index 378e19c3bbd..aab0b9a1ad1 100644 --- a/2018/17xxx/CVE-2018-17132.json +++ b/2018/17xxx/CVE-2018-17132.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/panghusec/exploit/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/panghusec/exploit/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/panghusec/exploit/issues/4", + "refsource": "MISC", + "url": "https://github.com/panghusec/exploit/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4530.json b/2018/4xxx/CVE-2018-4530.json index 8438e48094f..632dd3aa544 100644 --- a/2018/4xxx/CVE-2018-4530.json +++ b/2018/4xxx/CVE-2018-4530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4544.json b/2018/4xxx/CVE-2018-4544.json index 0ab82337fdb..d8b52bfc307 100644 --- a/2018/4xxx/CVE-2018-4544.json +++ b/2018/4xxx/CVE-2018-4544.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4544", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4544", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4889.json b/2018/4xxx/CVE-2018-4889.json index 3ff3e587148..3b36e109e2d 100644 --- a/2018/4xxx/CVE-2018-4889.json +++ b/2018/4xxx/CVE-2018-4889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file