From 69335a2c635d8b4317edfdd86f3ec9ce9f2b6902 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:51:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0127.json | 310 +++++++++--------- 2003/0xxx/CVE-2003-0944.json | 120 +++---- 2003/1xxx/CVE-2003-1078.json | 160 ++++----- 2003/1xxx/CVE-2003-1210.json | 140 ++++---- 2003/1xxx/CVE-2003-1315.json | 180 +++++------ 2003/1xxx/CVE-2003-1603.json | 150 ++++----- 2004/0xxx/CVE-2004-0339.json | 140 ++++---- 2004/0xxx/CVE-2004-0560.json | 130 ++++---- 2004/0xxx/CVE-2004-0734.json | 140 ++++---- 2004/0xxx/CVE-2004-0857.json | 34 +- 2004/1xxx/CVE-2004-1381.json | 170 +++++----- 2004/2xxx/CVE-2004-2122.json | 140 ++++---- 2004/2xxx/CVE-2004-2309.json | 160 ++++----- 2008/2xxx/CVE-2008-2115.json | 160 ++++----- 2008/2xxx/CVE-2008-2126.json | 160 ++++----- 2008/2xxx/CVE-2008-2361.json | 570 ++++++++++++++++----------------- 2008/2xxx/CVE-2008-2578.json | 200 ++++++------ 2008/2xxx/CVE-2008-2897.json | 140 ++++---- 2008/6xxx/CVE-2008-6291.json | 150 ++++----- 2008/6xxx/CVE-2008-6872.json | 160 ++++----- 2012/1xxx/CVE-2012-1949.json | 430 ++++++++++++------------- 2012/5xxx/CVE-2012-5097.json | 130 ++++---- 2012/5xxx/CVE-2012-5501.json | 150 ++++----- 2012/5xxx/CVE-2012-5550.json | 130 ++++---- 2012/5xxx/CVE-2012-5939.json | 140 ++++---- 2017/11xxx/CVE-2017-11903.json | 152 ++++----- 2017/3xxx/CVE-2017-3249.json | 142 ++++---- 2017/3xxx/CVE-2017-3324.json | 166 +++++----- 2017/3xxx/CVE-2017-3437.json | 166 +++++----- 2017/3xxx/CVE-2017-3449.json | 34 +- 2017/3xxx/CVE-2017-3554.json | 166 +++++----- 2017/3xxx/CVE-2017-3573.json | 172 +++++----- 2017/7xxx/CVE-2017-7552.json | 140 ++++---- 2017/7xxx/CVE-2017-7748.json | 150 ++++----- 2017/8xxx/CVE-2017-8028.json | 150 ++++----- 2017/8xxx/CVE-2017-8057.json | 130 ++++---- 2017/8xxx/CVE-2017-8152.json | 122 +++---- 2017/8xxx/CVE-2017-8418.json | 130 ++++---- 2017/8xxx/CVE-2017-8577.json | 142 ++++---- 2018/10xxx/CVE-2018-10321.json | 130 ++++---- 2018/10xxx/CVE-2018-10449.json | 34 +- 2018/10xxx/CVE-2018-10766.json | 34 +- 2018/12xxx/CVE-2018-12003.json | 34 +- 2018/12xxx/CVE-2018-12397.json | 244 +++++++------- 2018/12xxx/CVE-2018-12642.json | 120 +++---- 2018/12xxx/CVE-2018-12673.json | 120 +++---- 2018/13xxx/CVE-2018-13195.json | 130 ++++---- 2018/13xxx/CVE-2018-13945.json | 34 +- 2018/17xxx/CVE-2018-17162.json | 34 +- 2018/17xxx/CVE-2018-17228.json | 120 +++---- 2018/17xxx/CVE-2018-17321.json | 120 +++---- 2018/17xxx/CVE-2018-17652.json | 130 ++++---- 2018/17xxx/CVE-2018-17743.json | 34 +- 2018/17xxx/CVE-2018-17830.json | 120 +++---- 54 files changed, 3947 insertions(+), 3947 deletions(-) diff --git a/2003/0xxx/CVE-2003-0127.json b/2003/0xxx/CVE-2003-0127.json index ad2b31cd96c..dcb527de053 100644 --- a/2003/0xxx/CVE-2003-0127.json +++ b/2003/0xxx/CVE-2003-0127.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030317 Fwd: Ptrace hole / Linux 2.2.25", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html" - }, - { - "name" : "RHSA-2003:098", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2003-098.html" - }, - { - "name" : "RHSA-2003:088", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2003-088.html" - }, - { - "name" : "RHSA-2003:103", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-103.html" - }, - { - "name" : "DSA-270", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-270" - }, - { - "name" : "DSA-276", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-276" - }, - { - "name" : "DSA-311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-311" - }, - { - "name" : "DSA-312", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-312" - }, - { - "name" : "DSA-332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-332" - }, - { - "name" : "DSA-336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-336" - }, - { - "name" : "DSA-423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-423" - }, - { - "name" : "DSA-495", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-495" - }, - { - "name" : "MDKSA-2003:038", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:038" - }, - { - "name" : "MDKSA-2003:039", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:039" - }, - { - "name" : "CSSA-2003-020.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt" - }, - { - "name" : "ESA-20030515-017", - "refsource" : "ENGARDE", - "url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2" - }, - { - "name" : "RHSA-2003:145", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-145.html" - }, - { - "name" : "GLSA-200303-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200303-17.xml" - }, - { - "name" : "VU#628849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/628849" - }, - { - "name" : "oval:org.mitre.oval:def:254", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:103", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-103.html" + }, + { + "name": "RHSA-2003:088", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2003-088.html" + }, + { + "name": "DSA-270", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-270" + }, + { + "name": "DSA-423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-423" + }, + { + "name": "RHSA-2003:098", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2003-098.html" + }, + { + "name": "DSA-336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-336" + }, + { + "name": "CSSA-2003-020.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt" + }, + { + "name": "DSA-276", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-276" + }, + { + "name": "ESA-20030515-017", + "refsource": "ENGARDE", + "url": "http://marc.info/?l=bugtraq&m=105301461726555&w=2" + }, + { + "name": "MDKSA-2003:039", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:039" + }, + { + "name": "DSA-495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-495" + }, + { + "name": "GLSA-200303-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200303-17.xml" + }, + { + "name": "DSA-311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-311" + }, + { + "name": "DSA-332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-332" + }, + { + "name": "20030317 Fwd: Ptrace hole / Linux 2.2.25", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html" + }, + { + "name": "oval:org.mitre.oval:def:254", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254" + }, + { + "name": "RHSA-2003:145", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-145.html" + }, + { + "name": "MDKSA-2003:038", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:038" + }, + { + "name": "DSA-312", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-312" + }, + { + "name": "VU#628849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/628849" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0944.json b/2003/0xxx/CVE-2003-0944.json index 7830a4329c0..9032b1c0baa 100644 --- a/2003/0xxx/CVE-2003-0944.json +++ b/2003/0xxx/CVE-2003-0944.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A111703-2", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A111703-2", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a111703-2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1078.json b/2003/1xxx/CVE-2003-1078.json index 251b486d719..add2894a2ea 100644 --- a/2003/1xxx/CVE-2003-1078.json +++ b/2003/1xxx/CVE-2003-1078.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51081", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51081-1" - }, - { - "name" : "6989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6989" - }, - { - "name" : "1006195", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006195" - }, - { - "name" : "8186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8186/" - }, - { - "name" : "solaris-ftp-plaintext-password(11436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51081", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51081-1" + }, + { + "name": "1006195", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006195" + }, + { + "name": "solaris-ftp-plaintext-password(11436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11436" + }, + { + "name": "8186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8186/" + }, + { + "name": "6989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6989" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1210.json b/2003/1xxx/CVE-2003-1210.json index 182aa224a78..706efba1d4d 100644 --- a/2003/1xxx/CVE-2003-1210.json +++ b/2003/1xxx/CVE-2003-1210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030513 More and More SQL injection on PHP-Nuke 6.5.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html" - }, - { - "name" : "7588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7588" - }, - { - "name" : "phpnuke-multiple-sql-injection(11984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpnuke-multiple-sql-injection(11984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984" + }, + { + "name": "7588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7588" + }, + { + "name": "20030513 More and More SQL injection on PHP-Nuke 6.5.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1315.json b/2003/1xxx/CVE-2003-1315.json index c4067a875b3..db94371174e 100644 --- a/2003/1xxx/CVE-2003-1315.json +++ b/2003/1xxx/CVE-2003-1315.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.neocrome.net/index.php?m=single&id=76", - "refsource" : "MISC", - "url" : "http://www.neocrome.net/index.php?m=single&id=76" - }, - { - "name" : "http://www.neocrome.net/page.php?id=1250", - "refsource" : "MISC", - "url" : "http://www.neocrome.net/page.php?id=1250" - }, - { - "name" : "9168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9168" - }, - { - "name" : "2943", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2943" - }, - { - "name" : "1008416", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008416" - }, - { - "name" : "10396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10396" - }, - { - "name" : "landdownunder-auth-sql-injection(13922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008416", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008416" + }, + { + "name": "http://www.neocrome.net/index.php?m=single&id=76", + "refsource": "MISC", + "url": "http://www.neocrome.net/index.php?m=single&id=76" + }, + { + "name": "http://www.neocrome.net/page.php?id=1250", + "refsource": "MISC", + "url": "http://www.neocrome.net/page.php?id=1250" + }, + { + "name": "2943", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2943" + }, + { + "name": "9168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9168" + }, + { + "name": "landdownunder-auth-sql-injection(13922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13922" + }, + { + "name": "10396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10396" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1603.json b/2003/1xxx/CVE-2003-1603.json index b0b3fcdcc06..fe5ca9825e3 100644 --- a/2003/1xxx/CVE-2003-1603.json +++ b/2003/1xxx/CVE-2003-1603.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" - }, - { - "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1" + }, + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0339.json b/2004/0xxx/CVE-2004-0339.json index 7bb1049d9ad..ce951928749 100644 --- a/2004/0xxx/CVE-2004-0339.json +++ b/2004/0xxx/CVE-2004-0339.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107799508130700&w=2" - }, - { - "name" : "phpbb-viewtopicphp-xss(15348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" - }, - { - "name" : "9765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-viewtopicphp-xss(15348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" + }, + { + "name": "9765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9765" + }, + { + "name": "20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107799508130700&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0560.json b/2004/0xxx/CVE-2004-0560.json index 9bd653ed7f4..729d2279f5e 100644 --- a/2004/0xxx/CVE-2004-0560.json +++ b/2004/0xxx/CVE-2004-0560.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-638", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-638" - }, - { - "name" : "13855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13855" + }, + { + "name": "DSA-638", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-638" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0734.json b/2004/0xxx/CVE-2004-0734.json index 14aab60d6cf..cd2b712f3c9 100644 --- a/2004/0xxx/CVE-2004-0734.json +++ b/2004/0xxx/CVE-2004-0734.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040717 Web_Store.cgi allows Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109008402715874&w=2" - }, - { - "name" : "extropia-webstore-command-execution(16710)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16710" - }, - { - "name" : "10744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "extropia-webstore-command-execution(16710)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16710" + }, + { + "name": "20040717 Web_Store.cgi allows Command Execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109008402715874&w=2" + }, + { + "name": "10744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10744" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0857.json b/2004/0xxx/CVE-2004-0857.json index b6a7c38dd1c..85d5cd98e57 100644 --- a/2004/0xxx/CVE-2004-0857.json +++ b/2004/0xxx/CVE-2004-0857.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0857", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0857", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1381.json b/2004/1xxx/CVE-2004-1381.json index abbce94a6a0..28f1b163d96 100644 --- a/2004/1xxx/CVE-2004-1381.json +++ b/2004/1xxx/CVE-2004-1381.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "oval:org.mitre.oval:def:100053", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053" - }, - { - "name" : "12712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12712" - }, - { - "name" : "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", - "refsource" : "MISC", - "url" : "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/" - }, - { - "name" : "http://secunia.com/multiple_browsers_form_field_focus_test/", - "refsource" : "MISC", - "url" : "http://secunia.com/multiple_browsers_form_field_focus_test/" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-05.html" - }, - { - "name" : "web-browser-inactive-info-disclosure(17789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:100053", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-05.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-05.html" + }, + { + "name": "web-browser-inactive-info-disclosure(17789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789" + }, + { + "name": "http://secunia.com/multiple_browsers_form_field_focus_test/", + "refsource": "MISC", + "url": "http://secunia.com/multiple_browsers_form_field_focus_test/" + }, + { + "name": "12712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12712" + }, + { + "name": "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", + "refsource": "MISC", + "url": "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2122.json b/2004/2xxx/CVE-2004-2122.json index 6d7d6cec66a..bd1bb76810e 100644 --- a/2004/2xxx/CVE-2004-2122.json +++ b/2004/2xxx/CVE-2004-2122.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040124 Inrtra Forum Cross Site Scripting Vulnerabillity", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107497803617071&w=2" - }, - { - "name" : "1008839", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008839" - }, - { - "name" : "intraforum-intraforumcgi-xss(14933)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008839", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008839" + }, + { + "name": "intraforum-intraforumcgi-xss(14933)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14933" + }, + { + "name": "20040124 Inrtra Forum Cross Site Scripting Vulnerabillity", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107497803617071&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2309.json b/2004/2xxx/CVE-2004-2309.json index 7e856f0d8d5..1469d11ba2c 100644 --- a/2004/2xxx/CVE-2004-2309.json +++ b/2004/2xxx/CVE-2004-2309.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040201 Vulnerabilities in Crob FTP Server V3.5.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/352329" - }, - { - "name" : "9546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9546" - }, - { - "name" : "1008908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Feb/1008908.html" - }, - { - "name" : "10778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10778/" - }, - { - "name" : "crob-dir-directory-traversal(15028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9546" + }, + { + "name": "crob-dir-directory-traversal(15028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15028" + }, + { + "name": "20040201 Vulnerabilities in Crob FTP Server V3.5.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/352329" + }, + { + "name": "10778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10778/" + }, + { + "name": "1008908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Feb/1008908.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2115.json b/2008/2xxx/CVE-2008-2115.json index c2306726347..05ae07234a5 100644 --- a/2008/2xxx/CVE-2008-2115.json +++ b/2008/2xxx/CVE-2008-2115.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080506 Power Editor LOCAL FILE INCLUSION Vulnerbility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491702/100/0/threaded" - }, - { - "name" : "5549", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5549" - }, - { - "name" : "29063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29063" - }, - { - "name" : "3864", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3864" - }, - { - "name" : "powereditor-editor-xss(42223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29063" + }, + { + "name": "5549", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5549" + }, + { + "name": "20080506 Power Editor LOCAL FILE INCLUSION Vulnerbility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491702/100/0/threaded" + }, + { + "name": "3864", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3864" + }, + { + "name": "powereditor-editor-xss(42223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42223" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2126.json b/2008/2xxx/CVE-2008-2126.json index 528b72a39a5..4ab842d5c2d 100644 --- a/2008/2xxx/CVE-2008-2126.json +++ b/2008/2xxx/CVE-2008-2126.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080507 Multiple XSS In TuxCMS All Version", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121019103418967&w=2" - }, - { - "name" : "29090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29090" - }, - { - "name" : "44917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44917" - }, - { - "name" : "30121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30121" - }, - { - "name" : "tuxcms-multiple-xss(42252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44917", + "refsource": "OSVDB", + "url": "http://osvdb.org/44917" + }, + { + "name": "20080507 Multiple XSS In TuxCMS All Version", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121019103418967&w=2" + }, + { + "name": "30121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30121" + }, + { + "name": "29090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29090" + }, + { + "name": "tuxcms-multiple-xss(42252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42252" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2361.json b/2008/2xxx/CVE-2008-2361.json index 8735ed8cab8..d668935aacd 100644 --- a/2008/2xxx/CVE-2008-2361.json +++ b/2008/2xxx/CVE-2008-2361.json @@ -1,287 +1,287 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719" - }, - { - "name" : "20080620 rPSA-2008-0200-1 xorg-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493548/100/0/threaded" - }, - { - "name" : "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493550/100/0/threaded" - }, - { - "name" : "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html" - }, - { - "name" : "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2607", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2607" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2619", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2619" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "DSA-1595", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1595" - }, - { - "name" : "GLSA-200806-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-07.xml" - }, - { - "name" : "GLSA-200807-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml" - }, - { - "name" : "MDVSA-2008:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116" - }, - { - "name" : "MDVSA-2008:115", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115" - }, - { - "name" : "MDVSA-2008:179", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179" - }, - { - "name" : "RHSA-2008:0502", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0502.html" - }, - { - "name" : "RHSA-2008:0504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0504.html" - }, - { - "name" : "RHSA-2008:0503", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0503.html" - }, - { - "name" : "238686", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1" - }, - { - "name" : "SUSE-SA:2008:027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html" - }, - { - "name" : "SUSE-SR:2008:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" - }, - { - "name" : "USN-616-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-616-1" - }, - { - "name" : "29665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29665" - }, - { - "name" : "oval:org.mitre.oval:def:8978", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978" - }, - { - "name" : "ADV-2008-1803", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1803" - }, - { - "name" : "ADV-2008-1833", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1833" - }, - { - "name" : "ADV-2008-1983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1983/references" - }, - { - "name" : "1020244", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020244" - }, - { - "name" : "30627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30627" - }, - { - "name" : "30629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30629" - }, - { - "name" : "30630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30630" - }, - { - "name" : "30637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30637" - }, - { - "name" : "30659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30659" - }, - { - "name" : "30664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30664" - }, - { - "name" : "30666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30666" - }, - { - "name" : "30671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30671" - }, - { - "name" : "30715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30715" - }, - { - "name" : "30772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30772" - }, - { - "name" : "30809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30809" - }, - { - "name" : "30843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30843" - }, - { - "name" : "31109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31109" - }, - { - "name" : "32099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32099" - }, - { - "name" : "31025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31025" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.rpath.com/browse/RPL-2607", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2607" + }, + { + "name": "30629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30629" + }, + { + "name": "238686", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "30664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30664" + }, + { + "name": "MDVSA-2008:115", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115" + }, + { + "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded" + }, + { + "name": "31025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31025" + }, + { + "name": "20080611 Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719" + }, + { + "name": "RHSA-2008:0502", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "ADV-2008-1833", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1833" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201" + }, + { + "name": "GLSA-200806-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml" + }, + { + "name": "30715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30715" + }, + { + "name": "30666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30666" + }, + { + "name": "30627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30627" + }, + { + "name": "oval:org.mitre.oval:def:8978", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978" + }, + { + "name": "30637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30637" + }, + { + "name": "MDVSA-2008:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116" + }, + { + "name": "ADV-2008-1803", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1803" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm" + }, + { + "name": "SUSE-SA:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html" + }, + { + "name": "30772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30772" + }, + { + "name": "29665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29665" + }, + { + "name": "RHSA-2008:0503", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html" + }, + { + "name": "30659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30659" + }, + { + "name": "31109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31109" + }, + { + "name": "ADV-2008-1983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1983/references" + }, + { + "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff", + "refsource": "CONFIRM", + "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff" + }, + { + "name": "30671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30671" + }, + { + "name": "30809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30809" + }, + { + "name": "MDVSA-2008:179", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179" + }, + { + "name": "1020244", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020244" + }, + { + "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html" + }, + { + "name": "RHSA-2008:0504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html" + }, + { + "name": "30843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30843" + }, + { + "name": "DSA-1595", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1595" + }, + { + "name": "USN-616-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-616-1" + }, + { + "name": "32099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32099" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2619", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2619" + }, + { + "name": "SUSE-SR:2008:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" + }, + { + "name": "20080620 rPSA-2008-0200-1 xorg-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded" + }, + { + "name": "30630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30630" + }, + { + "name": "GLSA-200807-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2578.json b/2008/2xxx/CVE-2008-2578.json index f6679b5ca04..9c198a8b846 100644 --- a/2008/2xxx/CVE-2008-2578.json +++ b/2008/2xxx/CVE-2008-2578.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020498", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020498" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - }, - { - "name" : "oracle-weblogic-log-priv-escalation(43827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "oracle-weblogic-log-priv-escalation(43827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43827" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + }, + { + "name": "1020498", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020498" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2897.json b/2008/2xxx/CVE-2008-2897.json index f211396381f..c91b9e37447 100644 --- a/2008/2xxx/CVE-2008-2897.json +++ b/2008/2xxx/CVE-2008-2897.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5899", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5899" - }, - { - "name" : "29870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29870" - }, - { - "name" : "pagesquidcms-index-sql-injection(43252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29870" + }, + { + "name": "5899", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5899" + }, + { + "name": "pagesquidcms-index-sql-injection(43252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43252" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6291.json b/2008/6xxx/CVE-2008-6291.json index 4cf77f3ebac..9bf6c03b425 100644 --- a/2008/6xxx/CVE-2008-6291.json +++ b/2008/6xxx/CVE-2008-6291.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to \"admin\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6966", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6966" - }, - { - "name" : "32074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32074" - }, - { - "name" : "32507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32507" - }, - { - "name" : "accphpemail-cookie-auth-bypass(46289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to \"admin\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "accphpemail-cookie-auth-bypass(46289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46289" + }, + { + "name": "32507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32507" + }, + { + "name": "32074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32074" + }, + { + "name": "6966", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6966" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6872.json b/2008/6xxx/CVE-2008-6872.json index 18ba00117cb..39ef0f47c6d 100644 --- a/2008/6xxx/CVE-2008-6872.json +++ b/2008/6xxx/CVE-2008-6872.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7292", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7292" - }, - { - "name" : "50329", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50329" - }, - { - "name" : "32912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32912" - }, - { - "name" : "ADV-2008-3301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3301" - }, - { - "name" : "aspthai-aspthaiforum-info-disclosure(46960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32912" + }, + { + "name": "7292", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7292" + }, + { + "name": "50329", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50329" + }, + { + "name": "ADV-2008-3301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3301" + }, + { + "name": "aspthai-aspthaiforum-info-disclosure(46960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46960" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1949.json b/2012/1xxx/CVE-2012-1949.json index eac53b4f4bc..4aae53db3b7 100644 --- a/2012/1xxx/CVE-2012-1949.json +++ b/2012/1xxx/CVE-2012-1949.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-42.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-42.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712914", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712914" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=717488", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=717488" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718290", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718290" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=725499", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=725499" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=738841", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=738841" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=743876", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=743876" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=752662", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=752662" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=754725", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=754725" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=757431", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=757431" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=765179", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=765179" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=766018", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=766018" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=766304", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=766304" - }, - { - "name" : "openSUSE-SU-2012:0899", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" - }, - { - "name" : "openSUSE-SU-2012:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0895", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" - }, - { - "name" : "SUSE-SU-2012:0896", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" - }, - { - "name" : "USN-1509-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-1" - }, - { - "name" : "USN-1509-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-2" - }, - { - "name" : "USN-1510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1510-1" - }, - { - "name" : "54580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54580" - }, - { - "name" : "84006", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84006" - }, - { - "name" : "oval:org.mitre.oval:def:17027", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17027" - }, - { - "name" : "1027256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027256" - }, - { - "name" : "1027257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027257" - }, - { - "name" : "1027258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027258" - }, - { - "name" : "49965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49965" - }, - { - "name" : "49972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49972" - }, - { - "name" : "49992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49992" - }, - { - "name" : "49968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49968" - }, - { - "name" : "49993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49993" - }, - { - "name" : "49994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=757431", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=757431" + }, + { + "name": "49992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49992" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=766304", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=766304" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=752662", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=752662" + }, + { + "name": "1027256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027256" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718290", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718290" + }, + { + "name": "oval:org.mitre.oval:def:17027", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17027" + }, + { + "name": "USN-1509-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-2" + }, + { + "name": "1027258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027258" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=765179", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=765179" + }, + { + "name": "SUSE-SU-2012:0895", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" + }, + { + "name": "USN-1510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1510-1" + }, + { + "name": "84006", + "refsource": "OSVDB", + "url": "http://osvdb.org/84006" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=754725", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=754725" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=766018", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=766018" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=717488", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=717488" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-42.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-42.html" + }, + { + "name": "49965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49965" + }, + { + "name": "1027257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027257" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=712914", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=712914" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=743876", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=743876" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=725499", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=725499" + }, + { + "name": "54580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54580" + }, + { + "name": "openSUSE-SU-2012:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" + }, + { + "name": "SUSE-SU-2012:0896", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" + }, + { + "name": "49994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49994" + }, + { + "name": "openSUSE-SU-2012:0899", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" + }, + { + "name": "49968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49968" + }, + { + "name": "USN-1509-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=738841", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=738841" + }, + { + "name": "49993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49993" + }, + { + "name": "49972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49972" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5097.json b/2012/5xxx/CVE-2012-5097.json index 9159cc21449..0c3d5793b7c 100644 --- a/2012/5xxx/CVE-2012-5097.json +++ b/2012/5xxx/CVE-2012-5097.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5501.json b/2012/5xxx/CVE-2012-5501.json index b3d522b8da5..22f31bc3547 100644 --- a/2012/5xxx/CVE-2012-5501.json +++ b/2012/5xxx/CVE-2012-5501.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/17", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/17", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/17" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5550.json b/2012/5xxx/CVE-2012-5550.json index 397f088a6de..cb4c6e902bf 100644 --- a/2012/5xxx/CVE-2012-5550.json +++ b/2012/5xxx/CVE-2012-5550.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1822066", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1822066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1822066", + "refsource": "MISC", + "url": "http://drupal.org/node/1822066" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5939.json b/2012/5xxx/CVE-2012-5939.json index 897eb2b1c05..8f9ebca98d6 100644 --- a/2012/5xxx/CVE-2012-5939.json +++ b/2012/5xxx/CVE-2012-5939.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625935", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625935" - }, - { - "name" : "IV32391", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391" - }, - { - "name" : "taddm-welcome-xss(80494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "taddm-welcome-xss(80494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935" + }, + { + "name": "IV32391", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11903.json b/2017/11xxx/CVE-2017-11903.json index f2d7354f928..c3e706c8620 100644 --- a/2017/11xxx/CVE-2017-11903.json +++ b/2017/11xxx/CVE-2017-11903.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43367", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43367/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903" - }, - { - "name" : "102047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102047" - }, - { - "name" : "1039991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102047" + }, + { + "name": "1039991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039991" + }, + { + "name": "43367", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43367/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3249.json b/2017/3xxx/CVE-2017-3249.json index 9b114705934..9459c2c9e04 100644 --- a/2017/3xxx/CVE-2017-3249.json +++ b/2017/3xxx/CVE-2017-3249.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GlassFish Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "3.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GlassFish Server", + "version": { + "version_data": [ + { + "version_value": "2.1.1" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "3.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95484" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3324.json b/2017/3xxx/CVE-2017-3324.json index b6a42e85c82..d58d0f0aebc 100644 --- a/2017/3xxx/CVE-2017-3324.json +++ b/2017/3xxx/CVE-2017-3324.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Primavera P6 Enterprise Project Portfolio Management", - "version" : { - "version_data" : [ - { - "version_value" : "8.2" - }, - { - "version_value" : "8.3" - }, - { - "version_value" : "8.4" - }, - { - "version_value" : "15.1" - }, - { - "version_value" : "15.2" - }, - { - "version_value" : "16.1" - }, - { - "version_value" : "16.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS v3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "8.2" + }, + { + "version_value": "8.3" + }, + { + "version_value": "8.4" + }, + { + "version_value": "15.1" + }, + { + "version_value": "15.2" + }, + { + "version_value": "16.1" + }, + { + "version_value": "16.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS v3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95528" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3437.json b/2017/3xxx/CVE-2017-3437.json index 82d4310bc31..1d27775e204 100644 --- a/2017/3xxx/CVE-2017-3437.json +++ b/2017/3xxx/CVE-2017-3437.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "One-to-One Fulfillment", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95569" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3449.json b/2017/3xxx/CVE-2017-3449.json index ab8a43e2429..fca470d57d0 100644 --- a/2017/3xxx/CVE-2017-3449.json +++ b/2017/3xxx/CVE-2017-3449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3554.json b/2017/3xxx/CVE-2017-3554.json index 83fb7902535..2641546d5b5 100644 --- a/2017/3xxx/CVE-2017-3554.json +++ b/2017/3xxx/CVE-2017-3554.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97842" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97842" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3573.json b/2017/3xxx/CVE-2017-3573.json index 0ec20d7c45b..910bea390e2 100644 --- a/2017/3xxx/CVE-2017-3573.json +++ b/2017/3xxx/CVE-2017-3573.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality OPERA 5 Property Services", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.4.0.x" - }, - { - "version_affected" : "=", - "version_value" : "5.4.1.x" - }, - { - "version_affected" : "=", - "version_value" : "5.4.2.x" - }, - { - "version_affected" : "=", - "version_value" : "5.4.3.x" - }, - { - "version_affected" : "=", - "version_value" : "5.5.0.x" - }, - { - "version_affected" : "=", - "version_value" : "5.5.1.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.4.0.x" + }, + { + "version_affected": "=", + "version_value": "5.4.1.x" + }, + { + "version_affected": "=", + "version_value": "5.4.2.x" + }, + { + "version_affected": "=", + "version_value": "5.4.3.x" + }, + { + "version_affected": "=", + "version_value": "5.5.0.x" + }, + { + "version_affected": "=", + "version_value": "5.5.1.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97868" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7552.json b/2017/7xxx/CVE-2017-7552.json index 801f74d14c4..5e01aae6e01 100644 --- a/2017/7xxx/CVE-2017-7552.json +++ b/2017/7xxx/CVE-2017-7552.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477797", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477797" - }, - { - "name" : "RHSA-2017:2674", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2674" - }, - { - "name" : "RHSA-2017:2675", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2674", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2674" + }, + { + "name": "RHSA-2017:2675", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2675" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7748.json b/2017/7xxx/CVE-2017-7748.json index b3940228007..5a0950c06ef 100644 --- a/2017/7xxx/CVE-2017-7748.json +++ b/2017/7xxx/CVE-2017-7748.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-21.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-21.html" - }, - { - "name" : "97628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-21.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-21.html" + }, + { + "name": "97628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97628" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8028.json b/2017/8xxx/CVE-2017-8028.json index c8309ebd5ed..a7ccdd93326 100644 --- a/2017/8xxx/CVE-2017-8028.json +++ b/2017/8xxx/CVE-2017-8028.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring-LDAP Spring-LDAP versions 1.3.0 2.3.1", - "version" : { - "version_data" : [ - { - "version_value" : "Spring-LDAP Spring-LDAP versions 1.3.0 2.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication with arbitrary password" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring-LDAP Spring-LDAP versions 1.3.0 2.3.1", + "version": { + "version_data": [ + { + "version_value": "Spring-LDAP Spring-LDAP versions 1.3.0 2.3.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171119 [SECURITY] [DLA 1180-1] libspring-ldap-java security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00026.html" - }, - { - "name" : "https://pivotal.io/security/cve-2017-8028", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-8028" - }, - { - "name" : "DSA-4046", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4046" - }, - { - "name" : "RHSA-2018:0319", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication with arbitrary password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0319", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0319" + }, + { + "name": "https://pivotal.io/security/cve-2017-8028", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-8028" + }, + { + "name": "DSA-4046", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4046" + }, + { + "name": "[debian-lts-announce] 20171119 [SECURITY] [DLA 1180-1] libspring-ldap-java security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8057.json b/2017/8xxx/CVE-2017-8057.json index b66680334f5..8afd9c4685b 100644 --- a/2017/8xxx/CVE-2017-8057.json +++ b/2017/8xxx/CVE-2017-8057.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/690-20170408-core-information-disclosure.html", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/690-20170408-core-information-disclosure.html" - }, - { - "name" : "98028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/690-20170408-core-information-disclosure.html", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/690-20170408-core-information-disclosure.html" + }, + { + "name": "98028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98028" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8152.json b/2017/8xxx/CVE-2017-8152.json index 74d85350267..952e44592f9 100644 --- a/2017/8xxx/CVE-2017-8152.json +++ b/2017/8xxx/CVE-2017-8152.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honor 5S", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before TAG-TL00C01B173" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "FRP bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honor 5S", + "version": { + "version_data": [ + { + "version_value": "The versions before TAG-TL00C01B173" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "FRP bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8418.json b/2017/8xxx/CVE-2017-8418.json index 65bf3442c0b..3a01a6566c7 100644 --- a/2017/8xxx/CVE-2017-8418.json +++ b/2017/8xxx/CVE-2017-8418.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/05/01/14", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/01/14" - }, - { - "name" : "https://github.com/bbatsov/rubocop/issues/4336", - "refsource" : "MISC", - "url" : "https://github.com/bbatsov/rubocop/issues/4336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openwall.com/lists/oss-security/2017/05/01/14", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/05/01/14" + }, + { + "name": "https://github.com/bbatsov/rubocop/issues/4336", + "refsource": "MISC", + "url": "https://github.com/bbatsov/rubocop/issues/4336" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8577.json b/2017/8xxx/CVE-2017-8577.json index 1dad7d3b5c9..8d98eb6c489 100644 --- a/2017/8xxx/CVE-2017-8577.json +++ b/2017/8xxx/CVE-2017-8577.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "Win32k" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "Win32k" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8577", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8577" - }, - { - "name" : "99416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99416" - }, - { - "name" : "1038853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8577", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8577" + }, + { + "name": "1038853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038853" + }, + { + "name": "99416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99416" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10321.json b/2018/10xxx/CVE-2018-10321.json index 9a8dbe14f3d..8639c7591a3 100644 --- a/2018/10xxx/CVE-2018-10321.json +++ b/2018/10xxx/CVE-2018-10321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via \"Admin Site title\" in Settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44551", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44551/" - }, - { - "name" : "https://github.com/philippe/FrogCMS/issues/5", - "refsource" : "MISC", - "url" : "https://github.com/philippe/FrogCMS/issues/5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via \"Admin Site title\" in Settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44551", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44551/" + }, + { + "name": "https://github.com/philippe/FrogCMS/issues/5", + "refsource": "MISC", + "url": "https://github.com/philippe/FrogCMS/issues/5" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10449.json b/2018/10xxx/CVE-2018-10449.json index 238f2c5b78d..226c06d89a3 100644 --- a/2018/10xxx/CVE-2018-10449.json +++ b/2018/10xxx/CVE-2018-10449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10766.json b/2018/10xxx/CVE-2018-10766.json index e6d7e75527e..2245288c0af 100644 --- a/2018/10xxx/CVE-2018-10766.json +++ b/2018/10xxx/CVE-2018-10766.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12003.json b/2018/12xxx/CVE-2018-12003.json index da7733e915a..3c53b2a0aef 100644 --- a/2018/12xxx/CVE-2018-12003.json +++ b/2018/12xxx/CVE-2018-12003.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12003", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12003", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12397.json b/2018/12xxx/CVE-2018-12397.json index 720c61e465c..0e0c953552e 100644 --- a/2018/12xxx/CVE-2018-12397.json +++ b/2018/12xxx/CVE-2018-12397.json @@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing warning prompt when WebExtension requests local file access" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1487478", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1487478" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-27/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-27/" - }, - { - "name" : "DSA-4324", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4324" - }, - { - "name" : "GLSA-201811-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-04" - }, - { - "name" : "RHSA-2018:3005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3005" - }, - { - "name" : "RHSA-2018:3006", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3006" - }, - { - "name" : "USN-3801-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3801-1/" - }, - { - "name" : "105718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105718" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing warning prompt when WebExtension requests local file access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1487478", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1487478" + }, + { + "name": "DSA-4324", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4324" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "GLSA-201811-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-04" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-27/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-27/" + }, + { + "name": "RHSA-2018:3005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3005" + }, + { + "name": "105718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105718" + }, + { + "name": "RHSA-2018:3006", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3006" + }, + { + "name": "USN-3801-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3801-1/" + }, + { + "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12642.json b/2018/12xxx/CVE-2018-12642.json index 8b20f1a6427..a3fe7316a2c 100644 --- a/2018/12xxx/CVE-2018-12642.json +++ b/2018/12xxx/CVE-2018-12642.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", - "refsource" : "MISC", - "url" : "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", + "refsource": "MISC", + "url": "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12673.json b/2018/12xxx/CVE-2018-12673.json index 19f5e2cc514..c2fe1ecb2ad 100644 --- a/2018/12xxx/CVE-2018-12673.json +++ b/2018/12xxx/CVE-2018-12673.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13195.json b/2018/13xxx/CVE-2018-13195.json index e05e497bd42..19e2d125c18 100644 --- a/2018/13xxx/CVE-2018-13195.json +++ b/2018/13xxx/CVE-2018-13195.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13945.json b/2018/13xxx/CVE-2018-13945.json index aa2258d5944..eafa20939a5 100644 --- a/2018/13xxx/CVE-2018-13945.json +++ b/2018/13xxx/CVE-2018-13945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17162.json b/2018/17xxx/CVE-2018-17162.json index 0f41f6311d9..beaacc2d1f8 100644 --- a/2018/17xxx/CVE-2018-17162.json +++ b/2018/17xxx/CVE-2018-17162.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17162", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17162", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17228.json b/2018/17xxx/CVE-2018-17228.json index 7c9c250a80d..4a7f2c98985 100644 --- a/2018/17xxx/CVE-2018-17228.json +++ b/2018/17xxx/CVE-2018-17228.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/narkisr/nmap4j/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/narkisr/nmap4j/issues/9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/narkisr/nmap4j/issues/9", + "refsource": "MISC", + "url": "https://github.com/narkisr/nmap4j/issues/9" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17321.json b/2018/17xxx/CVE-2018-17321.json index 0676600ec25..9d65921a8b4 100644 --- a/2018/17xxx/CVE-2018-17321.json +++ b/2018/17xxx/CVE-2018-17321.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html", - "refsource" : "MISC", - "url" : "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html", + "refsource": "MISC", + "url": "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17652.json b/2018/17xxx/CVE-2018-17652.json index 145c2169cf3..dd802325e2c 100644 --- a/2018/17xxx/CVE-2018-17652.json +++ b/2018/17xxx/CVE-2018-17652.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mandatory property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1222/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1222/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mandatory property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1222/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1222/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17743.json b/2018/17xxx/CVE-2018-17743.json index 6d580d57387..341ec35d4b6 100644 --- a/2018/17xxx/CVE-2018-17743.json +++ b/2018/17xxx/CVE-2018-17743.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17743", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17743", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17830.json b/2018/17xxx/CVE-2018-17830.json index 95ccfd94567..1ac97a162c7 100644 --- a/2018/17xxx/CVE-2018-17830.json +++ b/2018/17xxx/CVE-2018-17830.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/redaxo/redaxo4/issues/421", - "refsource" : "MISC", - "url" : "https://github.com/redaxo/redaxo4/issues/421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/redaxo/redaxo4/issues/421", + "refsource": "MISC", + "url": "https://github.com/redaxo/redaxo4/issues/421" + } + ] + } +} \ No newline at end of file